Nginx Dashboard

By kannthu

Low
Vidoc Module
#misconfig #nginx
Description

What is the "Nginx Dashboard"?

The "Nginx Dashboard" module is designed to detect misconfigurations in Nginx, a popular web server software. It targets the Nginx dashboard and checks for unrestricted access vulnerabilities. This module has a low severity level and was authored by BibekSapkota (sar00n).

Impact

If the Nginx dashboard is misconfigured and allows unrestricted access, it can pose a security risk. Attackers may gain unauthorized access to sensitive information or perform malicious actions on the server.

How does the module work?

The "Nginx Dashboard" module works by sending a GET request to the "/dashboard.html" path of the target server. It then applies matching conditions to determine if the Nginx dashboard is accessible and if the response status is 200 (OK). The module uses the following matching conditions:

- Matcher 1: It checks if the response contains the phrase "Nginx+ Dashboard".
- Matcher 2: It verifies if the response status is 200.

If both matching conditions are met, the module reports a potential misconfiguration in the Nginx dashboard.
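
For operators, an added configuration example (not part of the module or the original page): a server block that would satisfy both matchers, beside a restricted one that would not. It assumes NGINX Plus with the dashboard file under /usr/share/nginx/html; the port, management network and htpasswd path are placeholders.

```nginx
# Constructed example; use ONE of the two server blocks, not both.

# BEFORE: dashboard reachable by any client.
# GET /dashboard.html returns 200 with the dashboard page, so both matchers hit.
server {
    listen 8080;                      # assumed management port

    location /api {
        api write=on;                 # NGINX Plus API, also unrestricted here
    }

    location = /dashboard.html {
        root /usr/share/nginx/html;   # assumed location of the dashboard file
    }
}

# AFTER: same endpoints, limited to a management network and a login.
# Other clients receive 403 (or 401), so the status matcher no longer hits.
server {
    listen 8080;

    # Applied at server level so /api and /dashboard.html are both covered.
    satisfy all;                      # require address check AND credentials
    allow 127.0.0.1;
    allow 10.0.0.0/8;                 # placeholder management network
    deny  all;
    auth_basic           "NGINX Plus status";
    auth_basic_user_file /etc/nginx/.htpasswd;   # placeholder path

    location /api {
        api write=off;                # read-only; viewing metrics only needs reads
    }

    location = /dashboard.html {
        root /usr/share/nginx/html;
    }
}
```

After reloading with the restricted block, a request for /dashboard.html from outside the allowed network should return 403 instead of 200.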

Reference:

- https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/

Metadata:

max-request: 1

shodan-query: html:"NGINX+ Dashboard"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /dashboard.html
Matching conditions
word: Nginx+ Dashboard
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability