Merge pull request #9746 from projectdiscovery/Paolo-Serra-3d8bAU7Fq6…

…Pp8JQq4gdpWx Added template for unigui-server-monitor-exposure
projectdiscovery · May 12, 2024 · 787dffe · 787dffe
2 parents ed6d051 + 89ffcb5
commit 787dffe
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/http/misconfiguration/unigui-server-monitor-exposure.yaml b/http/misconfiguration/unigui-server-monitor-exposure.yaml
@@ -0,0 +1,35 @@
+id: unigui-server-monitor-exposure
+
+info:
+  name: UniGUI Server Monitor Panel - Exposure
+  author: serrapa
+  severity: low
+  description: |
+    Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
+  reference:
+    - https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: title:"uniGUI"
+    fofa-query: title="uniGUI"
+  tags: exposure,unigui,misconfig
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/server"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
+          - 'status_code == 200'
+        condition: and
+
+      - type: dsl
+        dsl:
+          - 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
+          - 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
+        condition: or