unauthenticated-glances: Glances Unauthenticated Panel

日期: 2025-08-01 | 影响软件: Glances | POC: 已公开

漏洞描述

Glance running web server mode & Unauthenticated leads system monitoring to info disclosure

PoC代码[已公开]

id: unauthenticated-glances

info:
  name: Glances Unauthenticated Panel
  author: remonsec
  severity: low
  description: Glance running web server mode & Unauthenticated leads system monitoring to info disclosure
  reference:
    - https://glances.readthedocs.io/en/latest/quickstart.html#how-to-protect-your-server-or-web-server-with-a-login-password
  metadata:
    max-request: 1
  tags: exposure,glances,misconfig,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "<title>Monitor</title>"
# digest: 4b0a00483046022100dfcf1a3b1cf0194885a44797875fa000f410044443442dc966955264e8a9723c022100bf3f1234ced62760f208e0fa7867607adfb9a8693fbce15454cefa4190efa093:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/unauthenticated-glances.yaml

相关漏洞推荐