wamp-server-configuration: default-wamp-server-page

漏洞描述

PoC代码[已公开]

id: wamp-server-configuration

info:
  name: default-wamp-server-page
  author: pussycat0x
  severity: medium
  description: Wamp default page will expose sensitive configuration and vhosts.
  reference:
    - https://www.exploit-db.com/ghdb/6891.
  metadata:
    max-request: 1
  tags: wamp,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "wampserver")'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ba1d48ede60c18640be499b2f1d9ec88669601e04c7137e4e78e9a788d215f3f022100bcb283ffeadcb5913342a792e799f8e038e9e0cf51fc7ca6a00a6dffcb18c44f:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 锐捷EWEB路由器 /ddi/server/dns.php 文件读取漏洞
• 锐捷EWEB路由器 /ddi/server/fileupload.php 文件上传漏洞
• 万户ezOFFICE协同管理平台 /defaultroot/modules/govoffice/gov_documentmanager/receivefile_gd.jsp;.js SQL 注入漏洞
• POC openwebui-default-login: Open WebUI - Default Login
• POC vtigercrm-default-login: Vtiger CRM - Default Login
• POC erpnext-default-login: ERPNext - Default Login
• 万户ezOFFICE协同管理平台 /defaultroot/platform/custom/customizecenter/js/getAutoCode.jsp;.js SQL 注入漏洞
• MapTiler-Tileserver-php /tileserver.php/x/1/1/1 目录遍历漏洞（CVE-2025-44137）
• POC CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion
• POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
• POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
• POC churchcrm-default-login: ChurchCRM - Default Login
• 万户ezOFFICE协同平台 /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../modules/hrm/report/customize/checkSQL_httprequest.jsp SQL 注入漏洞