Ngrok is a popular platform that provides secure tunnels to localhost, allowing users to expose a local web server to the internet.The Ngrok status page is a web page that provides real-time information about the health and performance of the Ngrok service.
PoC代码[已公开]
id: ngrok-status-page
info:
name: Ngrok Status Page
author: pussycat0x
severity: low
description: |
Ngrok is a popular platform that provides secure tunnels to localhost, allowing users to expose a local web server to the internet.The Ngrok status page is a web page that provides real-time information about the health and performance of the Ngrok service.
metadata:
verified: true
max-request: 1
shodan-query: http.title:"ngrok"
tags: ngrok,misconfig,status,vuln
http:
- method: GET
path:
- '{{BaseURL}}/status'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>ngrok</title>'
- '<title>ngrok - Status</title>'
condition: or
- type: status
status:
- 200
# digest: 4b0a00483046022100d87503a8dfdd97dc43ab14b50792ef0b3b7b8e9810f1d984649b7425bd9c9b95022100965b59e3d35be9e8004630b74f6f01624c9928d4a6052b2a245e1058c04f07fb:922c64590222798bb761d5b6d8e72950