
Added Claris FileMaker Server Admin Console Panel Detection Template #15538

Open
Eren-Akdag wants to merge 1 commit into projectdiscovery:main from Eren-Akdag:add/claris-filemaker-admin-console

Conversation

@Eren-Akdag
Contributor

PR Information

Added: Detection template for the Claris FileMaker Server Admin Console exposed panel.

Claris FileMaker Server ships with a web-based Admin Console (/admin-console/signin) built as an Angular SPA. This interface is used by administrators to host/manage databases, configure SSL certificates, monitor connected clients, create backup schedules, and control server-wide settings. When publicly reachable without network-level access controls, this panel becomes a direct attack surface for credential brute-forcing, session exploitation, and reconnaissance.

This template detects the exposed panel and complements the existing claris-filemaker-webdirect template — same product family, different exposed endpoint.


Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details

Detection logic: The template sends a single GET /admin-console/signin request and validates:

  1. Response body contains <title>Claris FileMaker Server Admin Console</title> — unique to this product, consistent across all versions and locales (en-US, zh-TW, ja-JP)
  2. Response Content-Type header contains text/html — guards against false positives from non-HTML endpoints
  3. HTTP status code is 200

Example HTTP Request:

GET /admin-console/signin HTTP/1.1
Host: REDACTED:16000
User-Agent: Mozilla/5.0 (compatible)
Accept-Encoding: gzip, deflate
Connection: close

Example HTTP Response:

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 4312

<!DOCTYPE html><html><head>
  <meta charset="utf-8">
  <title>Claris FileMaker Server Admin Console</title>
  <base href="/admin-console/">
  <meta name="viewport" content="width=1000, initial-scale=1, ...">
  <link rel="icon" type="image/x-icon" href="/admin-console/assets/favicon.ico">
  <script>
    var SERVER_LOCALE = 'en-US';
  </script>
  <noscript>
    <div id="noscript">
      Claris FileMaker Server Admin Console requires JavaScript to be enabled in your browser.
    </div>
  </noscript>
  ...
  <app-root><div class="fm-overlay"><div class="fm-spinner"></div></div></app-root>
</html>

Discovery queries:

| Engine | Query |
| --- | --- |
| Shodan | http.title:"Claris FileMaker Server Admin Console" |
| Fofa | title="Claris FileMaker Server Admin Console" |
| Google | intitle:"Claris FileMaker Server Admin Console" |

Bulk scan results across multiple targets (host information redacted):

[Image: scan-result]

How to Reproduce:

nuclei -t http/exposed-panels/claris-filemaker-admin-console.yaml -u https://REDACTED

Output:

[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1

[claris-filemaker-admin-console] [http] [info] https://REDACTED/admin-console/signin

[INF] Scan completed in 1.243s. 1 matches found.

Additional References:

@neo-by-projectdiscovery-dev

neo-by-projectdiscovery-dev bot commented Mar 1, 2026

Neo - Nuclei Template Review

No security issues found

Highlights

  • Adds detection template for Claris FileMaker Server Admin Console exposed at /admin-console/signin
  • Uses 3 matchers (title tag, Content-Type header, HTTP 200 status) to minimize false positives
  • Includes comprehensive metadata with verified:true flag and search engine queries (Shodan, FOFA, Google)
  • Complements existing claris-filemaker-webdirect.yaml template for the same product family

Comment @neo help for available commands. · Open in Neo
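
The three checks listed in the PR description and the bot review, combined with AND and run offline against raw responses, to show which check rejects which kind of false positive. This is an added example, not the template from this PR or code from projectdiscovery; the function names and all sample responses are constructed, and the case-insensitive Content-Type comparison is an assumption of this sketch.

```python
# Added illustration (not the PR's template): offline evaluation of the three
# AND-ed checks against raw HTTP responses. Every sample below is constructed.
TITLE = "<title>Claris FileMaker Server Admin Console</title>"


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return status, headers, body


def evaluate(raw):
    """Return each check's result plus the overall AND verdict under 'match'."""
    status, headers, body = parse_response(raw)
    results = {
        "title": TITLE in body,
        # Assumption: compare the media type case-insensitively.
        "content_type": "text/html" in headers.get("content-type", "").lower(),
        "status": status == 200,
    }
    results["match"] = all(results.values())
    return results


def build(status_line, content_type, body):
    """Assemble a constructed raw response for the samples."""
    return f"{status_line}\r\nContent-Type: {content_type}\r\n\r\n{body}"


PAGE = f"<!DOCTYPE html><html><head>{TITLE}</head></html>"
SAMPLES = {
    "admin_console": build("HTTP/1.1 200 OK", "text/html; charset=utf-8", PAGE),
    "json_echo": build("HTTP/1.1 200 OK", "application/json", '{"q": "%s"}' % TITLE),
    "error_page": build("HTTP/1.1 404 Not Found", "text/html", PAGE),
    "other_login": build("HTTP/1.1 200 OK", "text/html", "<title>Sign in</title>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

Only `admin_console` satisfies all three checks; each of the other samples fails exactly one, which is the case the corresponding check exists to reject.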
