Exposed Browserless debugger

ID: browserless-debugger

Severity: medium

Author: ggranjus

Tags: browserless,unauth,debug,misconfig

Description

Browserless instance can be used to make web requests. May worth checking /workspace for juicy files.

YAML Source

id: browserless-debugger

info:
  name: Exposed Browserless debugger
  author: ggranjus
  severity: medium
  description: Browserless instance can be used to make web requests. May worth checking /workspace for juicy files.
  reference:
    - https://docs.browserless.io/docs/docker.html#securing-your-instance
  classification:
    cpe: cpe:2.3:a:browserless:chrome:*:*:*:*:node.js:*:*:*
  metadata:
    max-request: 1
    vendor: browserless
    product: chrome
    shodan-query: http.title:"browserless debugger"
  tags: browserless,unauth,debug,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>browserless debugger</title>"
          - "<code>Click the ► button to run your code.</code>"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a004630440220608079abff15319c244b70860ddabfe73e5657b7d31af7cc83c05ab4aabc2aa002201f4c016d61c1019acc06bf1046e38e9b36d8f3f1b38c6d2a05bb2d8a1c6b2012:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/browserless-debugger.yaml"

View on Github