2023-05-14 19:32:22 +00:00
|
|
|
id: config-properties
|
2023-05-14 11:27:37 +00:00
|
|
|
|
|
|
|
|
info:
|
2023-05-14 19:32:48 +00:00
|
|
|
name: Config Properties Exposure
|
2023-05-14 19:32:22 +00:00
|
|
|
author: j4vaovo,DhiyaneshDK
|
|
|
|
|
severity: high
|
2023-12-22 09:44:59 +00:00
|
|
|
description: Config Properties were exposed.
|
2023-05-14 19:32:22 +00:00
|
|
|
reference:
|
|
|
|
|
- https://twitter.com/win3zz/status/1657624974851702784/photo/1
|
2023-05-14 11:27:37 +00:00
|
|
|
metadata:
|
2023-06-04 08:13:42 +00:00
|
|
|
verified: true
|
2023-05-14 19:32:22 +00:00
|
|
|
max-request: 3
|
|
|
|
|
tags: exposure,config,properties
|
2023-05-14 11:27:37 +00:00
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/config.properties"
|
|
|
|
|
- "{{BaseURL}}/config.properties.bak"
|
2023-05-14 19:32:22 +00:00
|
|
|
- "{{BaseURL}}/ui_config.properties"
|
2023-05-14 11:27:37 +00:00
|
|
|
|
2023-05-14 19:32:22 +00:00
|
|
|
stop-at-first-match: true
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-05-14 11:27:37 +00:00
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: regex
|
|
|
|
|
part: body
|
|
|
|
|
regex:
|
|
|
|
|
- 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+'
|
|
|
|
|
- '((?i)password|pwd|pass|secretkey)='
|
|
|
|
|
condition: or
|
|
|
|
|
|
|
|
|
|
- type: word
|
|
|
|
|
part: header
|
|
|
|
|
words:
|
|
|
|
|
- "text/plain"
|
|
|
|
|
- "bytes"
|
|
|
|
|
condition: or
|
2023-05-14 19:32:22 +00:00
|
|
|
|
2023-05-16 20:07:28 +00:00
|
|
|
- type: word
|
|
|
|
|
part: header
|
|
|
|
|
words:
|
|
|
|
|
- "text/html"
|
|
|
|
|
negative: true
|
|
|
|
|
|
2023-05-14 19:32:22 +00:00
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
2023-12-29 09:57:30 +00:00
|
|
|
# digest: 490a00463044022008273068defa1ae064f6e2ed7e5479496a02fa435bc9fed465571576ce4d69a1022043c9be145fa9b0e9b0c824b6888abf6206d6a5c06c2243b402cf9230110de83d:922c64590222798bb761d5b6d8e72950
|
