webtrees-install: WebTrees Exposed Installation

漏洞描述

PoC代码[已公开]

id: webtrees-install

info:
  name: WebTrees Exposed Installation
  author: ritikchaddha
  severity: high
  description: WebTrees is susceptible to the Installation page exposure due to misconfiguration.
  classification:
    cpe: cpe:2.3:a:webtrees:webtrees:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: webtrees
    product: webtrees
    shodan-query: title:"Setup wizard for webtrees"
  tags: misconfig,webtrees,install,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Setup wizard for webtrees'

      - type: status
        status:
          - 200
# digest: 490a00463044022028396d42e9b5baccbda2612e6d4da91d323814de800d125d1e9ab559c1c4378f022017d3eab4d6949547fa9e07d067f1e0b2ff6bd02c015ae7fdbcc752b379fe749f:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
• wordpress-install: WordPress Exposed Installation
• POC CVE-2020-13937: Apache Kylin - Exposed Configuration File
• POC CVE-2024-11972: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
• POC CVE-2024-9707: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
• POC CVE-2020-13937: Apache Kylin Exposed Configuration File
• POC public-actiontrail-bucket: ActionTrail Log Buckets - Publicly Exposed
• POC sqs-queue-exposed: SQS Queue Exposed
• POC vpc-endpoint-exposed: Exposed VPC Endpoint
• POC azure-functionapp-public-exposure: Exposed Azure Functions
• POC javamelody-detect: JavaMelody Monitoring Exposed
• POC kubernetes-metrics: Detect Kubernetes Exposed Metrics
• POC avideo-install: AVideo Installer - Detect