Vulnerability Description
OpenNMS Dashboard exposure was detected. OpenNMS is an enterprise-grade network monitoring platform. Exposed dashboards may reveal sensitive network infrastructure information, monitoring data, alarms, and potentially allow unauthorized access.
id: opennms-dashboard-exposure

info:
  name: OpenNMS Dashboard - Exposure Detection
  author: ritikchaddha
  severity: medium
  description: |
    OpenNMS Dashboard exposure was detected. OpenNMS is an enterprise-grade network monitoring platform. Exposed dashboards may reveal sensitive network infrastructure information, monitoring data, alarms, and potentially allow unauthorized access.
  reference:
    - https://docs.opennms.com/horizon/35/operation/deep-dive/visualizations/dashboard.html
    - https://docs.opennms.com/horizon/30/operation/user-management/introduction.html
    - https://www.opennms.com/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
    cpe: cpe:2.3:a:opennms:opennms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: opennms
    product: opennms
    shodan-query: title:"OpenNMS Web Console"
    fofa-query: title="OpenNMS Web Console"
    google-dork: intitle:"OpenNMS Web Console"
  tags: panel,opennms,exposure,dashboard,network-monitoring,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/opennms/index.jsp"
      - "{{BaseURL}}/opennms/dashboard.jsp"
      - "{{BaseURL}}/opennms/"
    stop-at-first-match: true
    redirects: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "OpenNMS Web Console"
          - "OpenNMS"
        condition: or
      - type: word
        part: body
        words:
          - "Status"
          - "Dashboard"
          - "Home"
          - "Maps"
        condition: and
      - type: status
        status:
          - 200
# digest: 4a0a00473045022045aa14dda00a76112ced53259f59e5909c04002aa815271885702b0c75db207e0221009cf75b4d5940a048d99a0d2a94923eabbae918fd48ebdb2fcd607220230d0e82:922c64590222798bb761d5b6d8e72950