id: posteio-installer

info:
  name: First Poste.io Configuration Installation Wizard
  author: ritikchaddha
  severity: high
  description: Poste.io is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Initial server configuration"
  tags: misconfig,exposure,install,poste

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin/install/server"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>Initial server configuration"
          - "Generate</button>"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a1aac8072fb77a40077562b00b7aad3e25329acd6fc9a42d318d1e0f0e3b30c3022028e17ad97073966c0b59c4fa85bb540a6c54b0d0ca0eb3a624b98cc5b72a65d0:922c64590222798bb761d5b6d8e72950