unigui-server-monitor-exposure: UniGUI Server Monitor Panel - Exposure

Date: 2025-08-01 | Affected software: UniGUI Server Monitor Panel | PoC: Public

Vulnerability description

Detects exposed UniGUI Server Monitor Panels, which could reveal sensitive server statistics, user sessions, licensing information and other data.

PoC code [public]

id: unigui-server-monitor-exposure

info:
  name: UniGUI Server Monitor Panel - Exposure
  author: serrapa
  severity: low
  description: |
    Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
  reference:
    - https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"uniGUI"
    fofa-query: title="uniGUI"
  tags: exposure,unigui,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/server"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
          - 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
        condition: or
# digest: 4a0a00473045022021f4ace1f839cc1b5367a7bad81d4dbfb3138a10b026b0de142d43ca92c4e5af022100a6c946574c1786c82167f9556928093de7fafb4b4e6dc72601c4c3583bdfe770:922c64590222798bb761d5b6d8e72950