icinga-dashboard-exposure: Icinga Exposed Dashboard

漏洞描述

PoC代码[已公开]

id: icinga-dashboard-exposure

info:
  name: Icinga Exposed Dashboard
  author: DhiyaneshDk
  severity: medium
  description: |
    Icinga Dashboard was exposed.
  reference:
    - https://icinga.com/
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"icinga" html:"Statistics"
  tags: exposure,icinga,statistics,oos

http:
  - method: GET
    path:
      - "{{BaseURL}}/icinga2"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Statistics", "Icinga")'
        condition: and
# digest: 4b0a00483046022100bb2eb8eef80e0c021f7f22578811c625f3d659f30d593552a67e1213c4bfbafd022100fd577ade9124219d3da0865c7d7971b0a9dbf4b6fa1e2ead5dc34c586cfe0a0c:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2016-15041: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
• POC dagster-webserver-ui-exposure: Dagster - Webserver UI Exposure
• POC frigate-api-exposure: Frigate NVR - API Exposure
• POC batflat-sqlite-exposure: Batflat SQLite Database - Exposure
• POC netlify-headers-config-exposure: Netlify Headers Configuration - Exporsure
• POC selenium-grid-exposure: Selenium Grid Exposure
• POC aws-buildspec-exposure: AWS CodeBuild Build Spec - Exposure
• POC gcloudignore-file-exposure: Google Cloud Ignore File Exposure
• POC joe-deadjoe-file-exposure: Joe Editor DEADJOE File - Exposure
• POC postgres-history-exposure: PostgreSQL History - Exposure
• POC cacti-log-exposure: Cacti Log - Exposure
• POC magento-debug-log-exposure: Magento Debug Log - Exposure
• POC azure-instrumentation-key-exposure: Azure Instrumentation Key - Exposure