By kannthu
The "Nginx Dashboard" module is designed to detect misconfigurations in Nginx, a popular web server. It targets the Nginx dashboard and checks whether it is accessible without restriction. This module has a low severity level and was authored by BibekSapkota (sar00n).
If the Nginx dashboard is misconfigured and allows unrestricted access, it can pose a security risk. Attackers may gain unauthorized access to sensitive information or perform malicious actions on the server.
The "Nginx Dashboard" module works by sending a GET request to the "/dashboard.html" path of the target server. It then applies matching conditions to determine if the Nginx dashboard is accessible and if the response status is 200 (OK). The module uses the following matching conditions:
- Matcher 1: It checks if the response contains the phrase "Nginx+ Dashboard".
- Matcher 2: It verifies if the response status is 200.

If both matching conditions are met, the module reports a potential misconfiguration in the Nginx dashboard.
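The configuration below is an added example, not part of the module or of the original page: it shows an exposed dashboard setup next to a restricted one, so that a request from an unapproved address gets 403 instead of the 200 that Matcher 2 requires. The listen addresses, management subnet, realm string and htpasswd path are assumptions; `api`, `allow`, `deny`, `auth_basic` and `auth_basic_user_file` are standard NGINX / NGINX Plus directives.

```nginx
# --- Exposed (what the module flags) ---------------------------------
# Any client that can reach port 8080 receives /dashboard.html with
# status 200, and the page can read live metrics from /api.
server {
    listen 8080;

    location /api {
        api write=on;            # read/write API open to everyone
    }

    location = /dashboard.html {
        root /usr/share/nginx/html;
    }
}

# --- Restricted (use instead of the block above, not alongside it) ---
server {
    # Bind to a management interface only (address is an assumption).
    listen 10.0.0.5:8080;

    # Access rules set at server level are inherited by both locations.
    allow 127.0.0.1;
    allow 10.0.0.0/24;           # assumed management subnet
    deny  all;                   # everyone else receives 403

    # Require credentials as well; "satisfy all" is the default, so a
    # client must pass both the address check and authentication.
    auth_basic           "NGINX Plus status";        # assumed realm
    auth_basic_user_file /etc/nginx/.htpasswd;       # assumed path

    location /api {
        api;                     # read-only: write=on is omitted
    }

    location = /dashboard.html {
        root /usr/share/nginx/html;
    }
}
```

After reloading, an unauthenticated request to `/dashboard.html` from outside the allowed range should no longer return status 200, so the module's two matchers cannot both succeed.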
Reference:
- https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/
Metadata:
max-request: 1
shodan-query: html:"NGINX+ Dashboard"