saltbo-zpan-installer: Saltbo/zpan Installer - Exposure

Date: 2025-08-01 | Affected software: Saltbo zpan installer | PoC: Public

Vulnerability description

Detects the exposure of the Saltbo/zpan installer page, which could allow unauthorized setup or reinstallation of the application.

PoC code [Public]

id: saltbo-zpan-installer

info:
  name: Saltbo/zpan Installer - Exposure
  author: ritikchaddha
  severity: high
  description: |
    Detects the exposure of the Saltbo/zpan installer page, which could allow unauthorized setup or reinstallation of the application.
  reference:
    - https://github.com/saltbo/zpan
  metadata:
    verified: true
    max-request: 2
    product: zpan
    vendor: saltbo
    fofa-query: body="zpan"
  tags: saltbo,zpan,installer,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/system/options/core.email"
      - "{{BaseURL}}/install"

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "<title>ZPan"

      - type: word
        part: body_1
        words:
          - "system is not initialized"
# digest: 490a0046304402200fe67fc6047d95a2a655ce53eb6798aa8d6209cccbb5167e19b9c7824d64cb0e02202acea0567ab300516b89b446f77ce5434d3195e53899362b1f17e21e29542661:922c64590222798bb761d5b6d8e72950