projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

OpenStack Stats Exposed #7762

Closed MayankPandey01 closed 1 year ago

MayankPandey01 commented 1 year ago

Template Information:

This template scans for the /info path on the domains. In some web apps on which the Swift object storage system is hosted, the /info or /v1/info endpoint exposes the stats page.

Reference: https://docs.openstack.org/python-cloudkittyclient/stein/api_reference/info.html

Nuclei Template:

id: openstack-info

info:
  name: Exposed Configuration or settings related to the Swift object storage system
  author: Mayank Pandey (mayank_pandey01)
  severity: medium
  tags: openstack,exposure,misconfig
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/info"
      - "{{BaseURL}}/v1/info"

    # every matcher below must pass for the template to fire
    matchers-condition: and
    matchers:
      # all three capability names must appear in the response body
      - type: word
        words:
          - formpost
          - policies
          - swiftstack_authen
        condition: and

      # Swift serves /info as JSON; rules out HTML pages that merely mention these words
      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200

Response Model

{"formpost": {}, "bulk_delete": {"max_failed_deletes": 1000, "max_deletes_per_request": 10000}, "versioned_writes": {"allowed_flags": ["x-versions-location", "x-history-location"]}, "bulk_upload": {"max_failed_extractions": 1000, "max_containers_per_extraction": 10000}, "tempurl": {"outgoing_remove_headers": ["x-object-meta-*"], "methods": ["GET", "HEAD", "POST", "PUT", "DELETE"], "incoming_remove_headers": ["x-timestamp"], "allowed_digests": ["sha1", "sha256", "sha512"], "outgoing_allow_headers": ["x-object-meta-public-*"], "incoming_allow_headers": []}, "s3api": {"max_upload_part_num": "100000", "allow_multipart_uploads": "True", "max_bucket_listing": "1000", "s3_acl": "False", "min_segment_size": 5242880, "max_parts_listing": "1000", "max_multi_delete_objects": "1000"},

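
The template above combines three matchers with `matchers-condition: and`, and the word matcher itself uses `condition: and`, so a Swift /info document that contains only some of the listed words is not reported. The following Python is an added example (not part of the nuclei-templates project or of the template submitted in this issue) that evaluates the same matcher logic on a response and then summarises what an exposed /info document reveals about the cluster. The two sample bodies are constructed for the example: they are modelled on the response model quoted above, but the `swift.policies` block and the `swiftstack_authen` key are added here purely so that the template's three-word matcher has something to hit, and a shorter body shows the non-matching case.

```python
"""Mirror of the issue's nuclei matchers for a Swift /info response, plus a
summary of what the exposed document tells a reviewer.  Added example; not the
nuclei engine's code.  Sample responses below are constructed."""
import json

# Values taken from the template in the issue.
REQUIRED_WORDS = ("formpost", "policies", "swiftstack_authen")   # word matcher, condition: and
REQUIRED_STATUS = 200                                             # status matcher
REQUIRED_CONTENT_TYPE = "application/json"                        # header word matcher


def matches_template(status, headers, body):
    """Evaluate the three matchers with matchers-condition: and.

    `body` is the raw response text.  nuclei's word matcher is a plain
    substring test on the body, so no JSON parsing is needed for the match.
    """
    content_type = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    words_ok = all(word in body for word in REQUIRED_WORDS)
    header_ok = REQUIRED_CONTENT_TYPE in content_type
    status_ok = status == REQUIRED_STATUS
    return words_ok and header_ok and status_ok


def summarize_exposure(body):
    """Turn a Swift /info JSON document into a list of findings."""
    info = json.loads(body)
    findings = []
    if "tempurl" in info:
        tempurl = info["tempurl"]
        findings.append("tempurl enabled; methods=%s" % ",".join(tempurl.get("methods", [])))
        if "sha1" in tempurl.get("allowed_digests", []):
            findings.append("tempurl accepts sha1 signatures")
    if "formpost" in info:
        findings.append("formpost enabled (browser form uploads)")
    if "s3api" in info:
        findings.append("s3api enabled; s3_acl=%s" % info["s3api"].get("s3_acl"))
    for key in ("bulk_upload", "bulk_delete"):
        if key in info:
            findings.append("%s enabled: %s" % (key, json.dumps(info[key], sort_keys=True)))
    policies = info.get("swift", {}).get("policies", [])
    if policies:
        findings.append("storage policies: %s" % ",".join(p.get("name", "?") for p in policies))
    return findings


# Constructed sample modelled on the response model quoted in the issue.  The
# "swift" block and the "swiftstack_authen" key are added here only so that the
# template's three-word matcher is satisfied.
FULL_INFO = json.dumps({
    "formpost": {},
    "bulk_delete": {"max_failed_deletes": 1000, "max_deletes_per_request": 10000},
    "tempurl": {"methods": ["GET", "HEAD", "POST", "PUT", "DELETE"],
                "allowed_digests": ["sha1", "sha256", "sha512"]},
    "s3api": {"allow_multipart_uploads": "True", "s3_acl": "False"},
    "swift": {"policies": [{"name": "Policy-0", "default": True}]},
    "swiftstack_authen": {},
})

# Constructed body with only one of the three required words: the template
# must NOT fire on it because of `condition: and`.
PARTIAL_INFO = json.dumps({
    "formpost": {},
    "tempurl": {"methods": ["GET"], "allowed_digests": ["sha256"]},
})

JSON_HEADERS = {"Content-Type": "application/json; charset=UTF-8"}


if __name__ == "__main__":
    print("full body matches:   ", matches_template(200, JSON_HEADERS, FULL_INFO))
    print("partial body matches:", matches_template(200, JSON_HEADERS, PARTIAL_INFO))
    for finding in summarize_exposure(FULL_INFO):
        print(" -", finding)
```

Feeding the partial body through `matches_template` is the quickest way to see why a target that exposes /info can still be missed by this template: the header and status checks pass, but `policies` and `swiftstack_authen` are absent, and the `and` condition on the word list fails.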

ritikchaddha commented 1 year ago

Hello @MayankPandey01, thank you so much for sharing this template with the community and contributing to this project 🍻

You can join our discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you once again