unauthenticated-nginx-dashboard: Nginx Dashboard

日期: 2025-08-01 | 影响软件: Nginx Dashboard | POC: 已公开

漏洞描述

Nginx Dashboard is exposed.

PoC代码[已公开]

id: unauthenticated-nginx-dashboard

info:
  name: Nginx Dashboard
  author: BibekSapkota (sar00n)
  severity: low
  description: Nginx Dashboard is exposed.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/
  metadata:
    max-request: 1
    shodan-query: html:"NGINX+ Dashboard"
  tags: misconfig,nginx,discovery

http:
  - method: GET
    path:
      - "{{BaseURL}}/dashboard.html"

    max-size: 2048

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Nginx+ Dashboard'

      - type: status
        status:
          - 200
# digest: 4a0a004730450220192dee564883c28804f56050def6ec4161b40ef545797c3114763a195f5b111c022100b88cbf05a8d8a0e4adec33973e9bc60f0b6fa0cfe52a7675dec08bd467dbc56f:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/unauthenticated-nginx-dashboard.yaml