漏洞描述
OneinStack Control Center dashboard was detected.
oneinstack-control-center: OneinStack Control Center Dashboard - Detect
PoC代码[已公开]
id: oneinstack-control-center
info:
name: OneinStack Control Center Dashboard - Detect
author: theabhinavgaur
severity: medium
description: |
OneinStack Control Center dashboard was detected.
reference:
- https://github.com/oneinstack/oneinstack
- https://oneinstack.com/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
shodan-query: http.title:"OneinStack"
tags: misconfig,exposure,panel,oneinstack,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "OneinStack")'
- 'contains_any(body, "Control center", "控制中心" , "id=\"backup_link")'
condition: and
# digest: 4a0a004730450221008d0d37b7a7054b4899520d81e9260f4981c05bcb956ca0200452a9acb0199447022067d0ecf0fc1b69b167bad3b67148dc0e5c1579418ac05e519815e93ff8f58127:922c64590222798bb761d5b6d8e72950