Merge pull request #11045 from projectdiscovery/kh4sh3i-kXQv3ZpRfPX5Z…

…sXNKVtwpU Added template for redpanda-console-detection
projectdiscovery · Oct 23, 2024 · 66e7c5d · 66e7c5d
2 parents 1c56d8a + e14fbf3
commit 66e7c5d
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/http/misconfiguration/redpanda-console.yaml b/http/misconfiguration/redpanda-console.yaml
@@ -0,0 +1,33 @@
+id: redpanda-console
+
+info:
+  name: Redpanda Console - Exposure
+  author: kh4sh3i
+  severity: medium
+  description: |
+    Unauthorized access to the Redpanda Console could allow attackers to view or manipulate streaming data, monitor clusters, or access configuration information, leading to potential data leaks or service disruption.
+  impact: |
+    Exposing the Redpanda Console to the public can result in unauthorized access, leading to data leaks, misconfigurations, or even denial of service attacks on the streaming infrastructure.
+  reference:
+    - https://github.com/redpanda-data/console
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: title:"Redpanda Console"
+  tags: misconfig,redpanda,console,streaming
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/overview"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Redpanda Console"
+
+      - type: status
+        status:
+          - 200