Vulnerability Description
Detected exposed Lightstreamer Server dashboard that may reveal server configuration, real-time monitoring data, session information, and internal infrastructure details.
id: lightstreamer-dashboard-exposure
info:
  name: Lightstreamer Dashboard Exposure
  author: DhiyaneshDk
  severity: medium
  description: |
    Detected exposed Lightstreamer Server dashboard that may reveal server configuration,real-time monitoring data, session information, and internal infrastructure details.
  reference:
    - https://lightstreamer.com/
    - https://lightstreamer.com/docs/ls-server/latest/Dashboard%20and%20Monitoring.html
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"lightstreamer"
  tags: exposure,lightstreamer,dashboard,misconfig,unauth
http:
  - method: GET
    path:
      - "{{BaseURL}}/dashboard/"
      - "{{BaseURL}}/lightstreamer/dashboard/"
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Lightstreamer Monitoring Dashboard"
          - "performance"
        condition: and
        case-insensitive: true
      - type: status
        status:
          - 200
# digest: 490a0046304402206c891fdc23ee28abca66743a32fd2c663a09c6b62eb06e8d4a297ac5bf5ce33002205fefdfc829138fcbafaee5d41c0a69b58cec174189c3285e9e2aca8b44f8eb31:922c64590222798bb761d5b6d8e72950