unauth-munin: Munin Monitoring Dashboard - Exposure

Date: 2025-12-12 | Affected software: Munin Monitoring Dashboard | PoC: Public

Vulnerability description

A Munin monitoring dashboard was detected, exposing system metrics and server statistics.

PoC code [public]

id: unauth-munin

info:
  name: Munin Monitoring Dashboard - Exposure
  author: 0x_Akoko
  severity: medium
  description: |
    Detected Munin monitoring dashboard, exposing system metrics and server statistics.
  reference:
    - https://munin-monitoring.org/
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.title:"Munin"
    fofa-query: title="Munin"
  tags: exposure,munin,monitoring,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/munin/"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          # The literal must be lower-case: tolower(body) can never contain an upper-case "M".
          - 'contains(tolower(body), "<title>munin")'
          - 'contains_all(body, "Munin", "Overview", "munin-monitoring")'
        condition: and
# digest: 490a004630440220399f230471d8bd17c737d2a0c79762ddab5b8dabb45db8bd5066f4408d24499402206299ab0fa07bcbe45dc99d17a0b75f083fef08870655c2e1bba76d78a37afe59:922c64590222798bb761d5b6d8e72950
