nuclei-templates/http/misconfiguration/php/php-composer-binary.yaml

33 lines
920 B
YAML
Raw Normal View History

2023-11-27 10:35:58 +00:00
id: php-composer-binary
info:
2024-01-02 15:32:35 +00:00
name: PHP Composer Binary - Exposure
2023-11-27 10:35:58 +00:00
author: mayank_pandey01
severity: info
description: |
2024-01-02 15:32:35 +00:00
This Nuclei template checks if the specified endpoints have publically accessible PHP Composer Binary.
2023-11-27 10:35:58 +00:00
remediation: |
Restrict access to the PHP Composer binary by implementing proper access controls and permissions.
metadata:
verified: true
max-request: 1
tags: php,composer,exposure
2023-11-27 10:35:58 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/composer"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "/usr/bin/env php"
2024-01-02 15:32:35 +00:00
- "<?php"
condition: and
2023-11-27 10:35:58 +00:00
- type: status
status:
- 200
# digest: 4b0a00483046022100edb18d217d04ecd7c1a09a505b6e3b17a6a7d8c0ab8b615fefc1bd672941cd18022100cca4fbffd08a307dd320e935ecfefbf50fca6dfb1ab42a6f16422d3dd124e06b:922c64590222798bb761d5b6d8e72950