admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-04 09:43:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fafd43e0906b5bef4b052dac68cc91bf78e6d87b
nuclei-templates/misconfiguration/java-melody-exposed.yaml
socketz c766a8454d Fixed yaml linting errors
2021-08-25 14:09:42 +02:00

27 lines
897 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: java-melody-exposed
info:
name: JavaMelody Monitoring Exposed
author: dhiyaneshDK,thomas_from_offensity
severity: medium
description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a users session.
reference:
- https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
- https://github.com/javamelody/javamelody/wiki/UserGuide#16-security
tags: config,java,javamelody
requests:
- method: GET
path:
- '{{BaseURL}}/monitoring'
- '{{BaseURL}}/..%3B/monitoring'
matchers-condition: and
matchers:
- type: word
words:
- 'Monitoring JavaMelody on'
- type: status
status:
- 200
Reference in New Issue View Git Blame Copy Permalink