gibbon-installer: Gibbon Installer - Exposure

Date: 2025-08-01 | Affected software: Gibbon Installer | PoC: Public

Vulnerability description

Gibbon is susceptible to installation page exposure due to misconfiguration.

PoC code [public]

id: gibbon-installer

info:
  name: Gibbon Installer - Exposure
  author: DhiyaneshDK
  severity: high
  description: Gibbon is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    fofa-query: icon_hash="-165631681"
    product: gibbon
    vendor: gibbonedu
    shodan-query: http.favicon.hash:"-165631681"
  tags: misconfig,gibbon,install,exposure,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/installer/install.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>Gibbon Installer</title>'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f8c591ccd3018d99f4cdadc42db6c5c248f337348e76f25e80273a32edc03db4022100f0a75942cf69b0cd6f587ffc0970ebc30d5b5921d987a77bf11b0984c5d1d1f1:922c64590222798bb761d5b6d8e72950