node-exporter-metrics: Detect Node Exporter Metrics

漏洞描述

PoC代码[已公开]

id: node-exporter-metrics

info:
  name: Detect Node Exporter Metrics
  author: pussycat0x
  severity: low
  description: Information Disclosure of Garbage Collection
  metadata:
    max-request: 1
  tags: node,exposure,debug,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "node_cooling_device"
          - "node_network"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f6e969b829ffd2b305cb60d5ff11bf6313ace7fbb8f305635993dee07d9ee8b0022034eaf6c060ada677d31c7a13af67af19e52d2ba064adb49548cfef0ecd1233f8:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC mailgun-takeover: Mailgun Takeover Detection
• IDEMIA BIOMetrics 弱口令漏洞
• honeypot-detection: Honeypot Detection
• backup-files: Compressed Backup File - Detect
• shiro-key-detect: Shiro Key Detection
• POC CVE-2019-11248: Debug Endpoint pprof - Exposure Detection
• POC CVE-2020-35338: Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
• POC CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
• POC CVE-2023-50290: Apache Solr - Host Environment Variables Leak via Metrics API
• POC CVE-2023-48795: OpenSSH Terrapin Attack - Detection
• POC CVE-2001-1473: Deprecated SSHv1 Protocol Detection
• CVE-2024-32651: Change Detection - Server Side Template Injection
• POC CVE-2001-1473: Deprecated SSHv1 Protocol Detection