nuclei-templates/misconfiguration/service-pwd.yaml

id: service-pwd
info:
  name: Service password file
  author: pussycat0x
  severity: high
  description: Searches for sensitive service.pwd file.
  reference: https://www.exploit-db.com/ghdb/7256
  tags: exposure,listing

requests:
  - method: GET
    path:
      - "{{BaseURL}}/_vti_pvt/service.pwd"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "# -FrontPage-"
        part: body

      - type: status
        status:
          - 200
Update and rename service-pwd-expose.yaml to service-pwd.yaml 2021-09-18 06:41:19 +00:00			`id: service-pwd`
Add files via upload 2021-09-18 05:08:21 +00:00			`info:`
Update and rename service-pwd-expose.yaml to service-pwd.yaml 2021-09-18 06:41:19 +00:00			`name: Service password file`
Add files via upload 2021-09-18 05:08:21 +00:00			`author: pussycat0x`
Update service-pwd-expose.yaml 2021-09-18 06:38:32 +00:00			`severity: high`
			`description: Searches for sensitive service.pwd file.`
Add files via upload 2021-09-18 05:08:21 +00:00			`reference: https://www.exploit-db.com/ghdb/7256`
Update service-pwd-expose.yaml 2021-09-18 06:33:17 +00:00			`tags: exposure,listing`

Add files via upload 2021-09-18 05:08:21 +00:00			`requests:`
			`- method: GET`
			`path:`
Update service-pwd-expose.yaml 2021-09-18 06:38:32 +00:00			`- "{{BaseURL}}/_vti_pvt/service.pwd"`
Update service-pwd-expose.yaml 2021-09-18 06:33:17 +00:00
Add files via upload 2021-09-18 05:08:21 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
Update service-pwd-expose.yaml 2021-09-18 06:38:32 +00:00			`- "# -FrontPage-"`
			`part: body`
Update service-pwd-expose.yaml 2021-09-18 06:33:17 +00:00
Add files via upload 2021-09-18 05:08:21 +00:00			`- type: status`
			`status:`
Update service-pwd-expose.yaml 2021-09-18 06:33:17 +00:00			`- 200`