envoy-admin-exposure: Envoy Admin Exposure

Date: 2025-08-01 | Affected software: envoy admin exposure | PoC: public

Vulnerability description

The Envoy Admin page is exposed.

PoC code [public]

id: envoy-admin-exposure

info:
  name: Envoy Admin Exposure
  author: DhiyaneshDk
  severity: medium
  description: Envoy Admin page exposed.
  reference:
    - https://www.envoyproxy.io/docs/envoy/latest/
  classification:
    cpe: cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: envoyproxy
    product: envoy
    shodan-query: title:"Envoy Admin"
  tags: misconfig,envoy,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>Envoy Admin</title>"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e9b5d16ecc98eda98978ce2e91d0ac8d8a9cd375680383bbfbbb1749b737cf8b02201c9a5b767f2ad96ad366179d45afb040499478f6c859e712c01b0ff9c98b7669:922c64590222798bb761d5b6d8e72950