Neo4j Neodash Config - Exposure

ID: neo4j-neodash-config

Severity: medium

Author: icarot

Tags: config,exposure,neodash,neo4j

Description

Detects the file config.json from Neo4j Neodash web application, it contains information about DB connection with Neo4J.

YAML Source

id: neo4j-neodash-config

info:
  name: Neo4j Neodash Config - Exposure
  author: icarot
  severity: medium
  description: |
    Detects the file config.json from Neo4j Neodash web application, it contains information about DB connection with Neo4J.
  classification:
    cpe: cpe:2.3:a:neo4j:*:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: neo4j
    product: neodash
    shodan-query: title:"NeoDash"
  tags: config,exposure,neodash,neo4j

http:
  - method: GET
    path:
      - "{{BaseURL}}/config.json"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'standaloneHost'
          - 'standalonePort'
          - 'standaloneDatabase'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200

    extractors:
      - type: json
        name: config
        part: body
        json:
          - '.standaloneDatabase,.standaloneUsername,.standalonePassword'
# digest: 4a0a00473045022100b55743bb94314ab3ee042d31972c459429cda7e1a77c35953ffea04863c3950402201c6377931f9e49bd153b73098ccfb2de8828d2184622012805a09df10e01adcd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/configs/neo4j-neodash-config.yaml"

View on Github