mosparo-install: mosparo Exposed Installation

漏洞描述

PoC代码[已公开]

id: mosparo-install

info:
  name: mosparo Exposed Installation
  author: DhiyaneshDK
  severity: high
  description: mosparo is susceptible to the Installation page exposure due to misconfiguration.
  classification:
    cpe: cpe:2.3:a:mosparo:mosparo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: mosparo
    product: mosparo
    shodan-query: title:"Setup - mosparo"
  tags: misconfig,mosparo,install,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/setup/"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Setup - mosparo'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bf26a5d5d60e035fc73b64f2ac36a591ffbfaaee7f6a16c210589ca63cdcafe202205ba5b55c89afce36ac223728da6428e0a3c196d3cec6ff9700469a67f1db5894:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC exposed-gitmodules: .gitmodules File Exposed
• POC vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
• wordpress-install: WordPress Exposed Installation
• POC CVE-2020-13937: Apache Kylin - Exposed Configuration File
• POC CVE-2023-5375: Mosparo < 1.0.2 - Open Redirect
• POC CVE-2024-11972: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
• POC CVE-2024-9707: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
• POC CVE-2020-13937: Apache Kylin Exposed Configuration File
• POC public-actiontrail-bucket: ActionTrail Log Buckets - Publicly Exposed
• POC sqs-queue-exposed: SQS Queue Exposed
• POC vpc-endpoint-exposed: Exposed VPC Endpoint
• POC azure-functionapp-public-exposure: Exposed Azure Functions
• POC javamelody-detect: JavaMelody Monitoring Exposed