漏洞描述
Detects exposed Flarum installation pages which could allow unauthorized access or information disclosure.
flarum-installer: Flarum Installation Page - Exposure
PoC代码[已公开]
id: flarum-installer
info:
name: Flarum Installation Page - Exposure
author: DhiyaneshDK
severity: high
description: |
Detects exposed Flarum installation pages which could allow unauthorized access or information disclosure.
reference:
- https://flarum.org/
classification:
cpe: cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: flarum
product: flarum
shodan-query: html:"Install Flarum"
tags: misconfig,install,exposure,flarum
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Install Flarum</title>"
- "Admin Password"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100ca48188cb8d324e85a7b0d550b9db68ec249183cb9f2bf78253e6b9bda289ac7022036eed96991b007d1a12ca95289bee84139fcc04a1d49f6a245abbab11170452e:922c64590222798bb761d5b6d8e72950