posteio-installer: First Poste.io Configuration Installation Wizard

id: posteio-installer

info:
  name: First Poste.io Configuration Installation Wizard
  author: ritikchaddha
  severity: high
  description: Poste.io is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Initial server configuration"
  tags: misconfig,exposure,install,poste,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin/install/server"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>Initial server configuration"
          - "Generate</button>"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402203d600b39b1e1c62a3ded3426a4bb998cb0a5ebcb957f3a8d87739238353087a70220577abf909ee3b469be0ec9f0ccdcba4a19fa243417cba4051a1bf0e2cd2a774d:922c64590222798bb761d5b6d8e72950