Nginx Dashboard

What is the "Nginx Dashboard?"

The "Nginx Dashboard" module is designed to detect misconfigurations in Nginx, a popular web server software. It targets the Nginx dashboard and checks for unrestricted access vulnerabilities. This module has a low severity level and was authored by BibekSapkota (sar00n).

Impact

If the Nginx dashboard is misconfigured and allows unrestricted access, it can pose a security risk. Attackers may gain unauthorized access to sensitive information or perform malicious actions on the server.

How the module works?

The "Nginx Dashboard" module works by sending a GET request to the "/dashboard.html" path of the target server. It then applies matching conditions to determine if the Nginx dashboard is accessible and if the response status is 200 (OK). The module uses the following matching conditions:

- Matcher 1: It checks if the response contains the phrase "Nginx+ Dashboard". - Matcher 2: It verifies if the response status is 200.

If both matching conditions are met, the module reports a potential misconfiguration in the Nginx dashboard.

Reference:

- https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/

Metadata:

max-request: 1

shpdan-query: html:"NGINX+ Dashboard"