xymon-exposure: Xymon - Exposure

漏洞描述

PoC代码[已公开]

id: xymon-exposure

info:
  name: Xymon - Exposure
  author: theamanrawat
  severity: low
  description: |
    Detected the exposure of the Xymon monitoring system interface.
  reference:
    - https://xymon.com/
  metadata:
    shodan-query: http.title:"Xymon"
  tags: xymon,exposure,monitoring,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}/xymon/"
      - "{{BaseURL}}/xymon-se/xymon/"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Xymon"
          - "xymon-se"
          - "xymon-cgi"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100af180bb496af5b27120760f2115f7866aadc40443123072508390d83bb22e008022100972d9e1acdd7388fb401333ecc092b635c7937e205ff6718bbb3f2bbbf8cf065:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
• POC polycom-hdx-web-exposure: Polycom HDX - Web Interface Exposure
• POC freshrss-api: FreshRSS Google Reader API Exposure
• POC azure-functions-hostjson-exposure: Azure Functions host.json Configuration Exposure
• POC ovhcloud-backup-config: OVHcloud Backup Configuration - Exposure
• POC php-prober-exposure: PHP Prober - Exposure
• POC symfony-lock-exposure: Symfony Lock File - Exposure
• POC wordpress-wp-env-exposure: WordPress Configuration wp-env - Exposure
• POC zipkin-config-exposure: Zipkin Configuration - Exposure
• POC aspnet-launchsettings-exposure: ASP.NET Launch Settings - Exposure
• POC dot-credentials-exposure: Dot Credentials - Exposure
• POC redmine-issues-exposure: Redmine Issues - Exposure
• POC rubygems-credentials-exposure: Ruby Gem::ConfigFile Credential - Exposure