wowcms-installer: WoW CMS Installer Exposure

漏洞描述

PoC代码[已公开]

id: wowcms-installer

info:
  name: WoW CMS Installer Exposure
  author: ritikchaddha
  severity: high
  description: WoW CMS is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"WoW-CMS | Installation"
    fofa-query: title="WoW-CMS | Installation"
  tags: misconfig,wowcms,install,exposure,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/install/index.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>WoW-CMS | Installation'
          - 'WoW-CMS installer page'
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204af8b88ed90c7e3734698e43f4edd7c56046e00e64d6d021d9a858eaf84acbe6022100a83119cc0c990d82ed9f4459ec7264dcf9c0c135a4f863c334bc272dc29c8211:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC ambassador-api-diagnostics-exposure: Ambassador API Gateway Diagnostics - Exposure
• POC wordpress-db-exposure: WordPress Database Backup File - Exposure
• POC bash-config-exposure: Bash Configuration - Exposure
• POC codekit-config-exposure: CodeKit Configuration Exposure
• POC flow-config-exposure: Flow Configuration - Exposure
• POC glimpse-data-exposure: Glimpse Diagnostics - Sensitive Data Exposure
• POC jfrog-artifactory-build-exposure: JFrog Artifactory Build - Exposure
• POC makefile-exposure: Makefile - Exposure
• POC mysql-config-exposure: MySQL Conifg - Exposure
• POC python-setup-config: Python Setup Configuration - Exposure
• POC rexify-config-exposure: Rexify Configuration - Exposure
• POC smtp-credentials-exposure: SMTP Credentials Exposure - Detection
• POC jolokia-config-exposure: Jolokia Configuration - Exposure