itflow-unfinished-installation: ITFlow Unfinished Installation

Date: 2026-01-24 | Affected software: ITFlow Unfinished Installation | PoC: public

Vulnerability description

The ITFlow setup wizard (/setup/index.php) was found exposed on an instance whose installation was never completed; anyone who can reach it is able to configure the database and create an admin account.

PoC code [public]

id: itflow-unfinished-installation

info:
  name: ITFlow Unfinished Installation
  author: 0x_Akoko
  severity: high
  description: |
    Detected ITFlow setup wizard was exposed with an unfinished installation, allowing attackers to configure the database and create an admin account.
  reference:
    - https://github.com/itflow-org/itflow
    - https://docs.itflow.org/installation
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"ITFlow"
    fofa-query: title="ITFlow"
  tags: itflow,misconfig,install,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/setup/index.php"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "<title>ITFlow Setup</title>", "for choosing to try ITFlow", "Begin Setup", "Database")'
        condition: and
# digest: 4b0a004830460221009c71ba0911150261822e0e4aecff6a8db3afc95fcfc7418563b3791832ea9fee022100e2b73513b11af886f82bf2207f4b6f933cd7394b80da6061ac22523b3395ae62:922c64590222798bb761d5b6d8e72950
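The template above only states its matcher as a Nuclei DSL expression. The following added example (not part of the template, nor of the ITFlow project) re-implements that matcher in Python so an administrator can self-check their own instance, and additionally scans web-server access log lines for requests to the setup path, which is the defender's view of the same exposure. The HTML bodies and log lines are constructed samples; `fetch()` is a minimal helper using only the standard library.

```python
"""Self-check for an exposed ITFlow setup wizard (added example, not
ITFlow code). Mirrors the Nuclei template's matcher and adds an
access-log scan for hits on the setup path."""
import re
import sys
import urllib.error
import urllib.request

SETUP_PATH = "/setup/index.php"

# The body fragments the template's contains_all() requires.
REQUIRED_FRAGMENTS = (
    "<title>ITFlow Setup</title>",
    "for choosing to try ITFlow",
    "Begin Setup",
    "Database",
)


def contains_all(body: str, fragments) -> bool:
    """Equivalent of the Nuclei DSL contains_all(body, ...)."""
    return all(fragment in body for fragment in fragments)


def is_setup_exposed(status_code: int, body: str) -> bool:
    """Template logic: status_code == 200 AND every fragment present."""
    return status_code == 200 and contains_all(body, REQUIRED_FRAGMENTS)


def fetch(base_url: str, timeout: float = 10.0):
    """Fetch the setup page of one's own instance; returns (status, body).
    Non-2xx responses are returned rather than raised so the matcher can
    evaluate them exactly like the template does."""
    url = base_url.rstrip("/") + SETUP_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "itflow-setup-selfcheck"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def check_instance(base_url: str) -> bool:
    """True when the instance still serves an unfinished setup wizard."""
    status, body = fetch(base_url)
    return is_setup_exposed(status, body)


# Apache/nginx combined-format prefix: client, timestamp, method, path, status.
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def find_setup_requests(log_lines):
    """Return (client, timestamp, method, path, status) for every request
    under /setup/. A POST here after a 200 on the wizard is what a
    completed takeover of the installer would look like in the log."""
    hits = []
    for line in log_lines:
        match = _LOG_RE.match(line)
        if not match:
            continue
        client, ts, method, path, status = match.groups()
        if path.startswith("/setup/"):
            hits.append((client, ts, method, path, int(status)))
    return hits


# Constructed sample data (not captured from a real system).
SAMPLE_EXPOSED = (
    "<html><head><title>ITFlow Setup</title></head><body>"
    "Thank you for choosing to try ITFlow. <a>Begin Setup</a> "
    "Database configuration</body></html>"
)
SAMPLE_FINISHED = (
    "<html><head><title>ITFlow Setup</title></head><body>"
    "Setup already completed.</body></html>"
)
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jan/2026:10:00:01 +0000] "GET /setup/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jan/2026:10:00:02 +0000] "GET /login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Jan/2026:10:00:03 +0000] "POST /setup/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("sample exposed  :", is_setup_exposed(200, SAMPLE_EXPOSED))
    print("sample finished :", is_setup_exposed(200, SAMPLE_FINISHED))
    for hit in find_setup_requests(SAMPLE_LOG):
        print("setup request   :", hit)
    # Optional live self-check: python3 selfcheck.py https://itflow.example.internal
    if len(sys.argv) > 1:
        print("live instance exposed:", check_instance(sys.argv[1]))
```

Run it without arguments to see the matcher and log scan on the constructed samples; pass your own instance's base URL to perform the live self-check. The log scan deliberately reports every method, because a 200 on the wizard followed by a POST from the same client is the sequence worth alerting on.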
