daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/exposures/files/secrets-file.yaml

49 lines
1.2 KiB
YAML
Raw Normal View History

Update secrets-file.yaml
2022-07-04 19:11:27 +00:00
id: ruby-secrets-file
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
info:
Update secrets-file.yaml
2022-07-04 19:11:27 +00:00
name: Ruby on Rails secrets.yml File Exposure
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
author: DhiyaneshDK
severity: high
Updated descriptions of template
2024-01-02 16:16:15 +00:00
description: Ruby on Rails internal secret file is exposed.
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
reference: https://www.exploit-db.com/ghdb/6283
metadata:
Update secrets-file.yaml
2022-07-05 04:24:33 +00:00
verified: true
templateman update
2023-10-14 11:27:55 +00:00
max-request: 4
Replace google-dork with google-query in all templates (#5328) * dos2unix to standardize line endings * Replace google-dork with google-query
2022-09-08 22:39:14 +00:00
google-query: intitle:"index of" "secrets.yml"
revert df937f18b85cfd45c12ddcd22ff21b78f5843593
2023-06-30 22:14:21 +00:00
tags: cloud,devops,files,exposure,misconfig
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
- method: GET
path:
- "{{BaseURL}}/secrets.yml"
- "{{BaseURL}}/config/secrets.yml"
- "{{BaseURL}}/test/config/secrets.yml"
- "{{BaseURL}}/redmine/config/secrets.yml"
stop-at-first-match: true
templateman update
2023-10-14 11:27:55 +00:00
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
matchers-condition: and
matchers:
Update secrets-file.yaml
2022-07-05 04:07:53 +00:00
- type: regex
regex:
- 'secret_key_base: ([a-z0-9]+)'
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
- type: word
Update secrets-file.yaml
2022-07-05 04:07:53 +00:00
part: header
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
words:
Update secrets-file.yaml
2022-07-05 04:07:53 +00:00
- "application/json"
- "text/html"
negative: true
condition: and
Create secrets-file.yaml
2022-07-04 19:09:01 +00:00
- type: status
status:
- 200
Update secrets-file.yaml
2022-07-05 04:07:53 +00:00
extractors:
- type: regex
part: body
group: 1
regex:
- 'secret_key_base: ([a-z0-9]+)'
Auto Template Signing [Mon Jan 15 11:49:24 UTC 2024] :robot:
2024-01-15 11:49:24 +00:00
# digest: 4a0a004730450221008f3c78e37d6034c88fc8a231da592e10d3f0dd3cffc406c8f8ce4b3bb86ccf7802201eb77dae641b3f6691653ae35bfe9c03af2cc9716703b1d9288c516869363fbb:922c64590222798bb761d5b6d8e72950