漏洞描述
Filestash is susceptible to the Admin Password Configuration page exposure due to misconfiguration.
filestash-admin-config: Filestash Admin Password Configuration
PoC代码[已公开]
id: filestash-admin-config
info:
name: Filestash Admin Password Configuration
author: DhiyaneshDK
severity: high
description: |
Filestash is susceptible to the Admin Password Configuration page exposure due to misconfiguration.
classification:
cpe: cpe:2.3:a:filestash:filestash:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: filestash
product: filestash
shodan-query: html:"<title>Admin Console</title>"
tags: exposure,filestash,config,vuln
http:
- method: GET
path:
- "{{BaseURL}}/admin/setup"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Admin Console</title>'
- 'component-loader'
condition: and
- type: status
status:
- 200
# digest: 490a00463044022073ecf02a598e51735df29bcbc13676c4b03ed5e083c88c34d7259e4750660c2d022058fbfecc645f417e59cc58a3b99f5d5e1ab331dd217aa207bc7555f49a29870a:922c64590222798bb761d5b6d8e72950