sumowebtools-installer: SumoWebTools Installer Exposure

漏洞描述

PoC代码[已公开]

id: sumowebtools-installer

info:
  name: SumoWebTools Installer Exposure
  author: DhiyaneshDk
  severity: high
  description: SumoWebTools is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"SumoWebTools Installer"
  tags: misconfig,sumowebtools,install,exposure,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/install'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'SumoWebTools Installer'
          - 'configure'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ec69b009c86820280aad56164e687486af73f9377573ac6534153d6ecdb8573702210099880f9d0e9d4c8d3d45b3a82252ea0018b32610d1e2584269cbe6df6ec4b04d:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
• POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
• POC CVE-2025-55190: ArgoCD Project API Token Repository Credentials Exposure
• POC CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
• POC churchcrm-installer: ChurchCRM - Setup Exposure
• POC CVE-2017-17736: Kentico - Installer Privilege Escalation
• POC CVE-2017-8229: Amcrest IP Camera Web Management - Data Exposure
• POC CVE-2018-12634: CirCarLife Scada <4.3 - System Log Exposure
• POC CVE-2018-7251: Anchor CMS 0.12.3 - Error Log Exposure
• POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
• POC CVE-2019-11248: Debug Endpoint pprof - Exposure Detection
• POC CVE-2020-27838: KeyCloak - Information Exposure
• POC CVE-2021-20114: TCExam <= 14.8.1 - Sensitive Information Exposure