daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/misconfiguration/apache-filename-brute-force...

30 lines
796 B
YAML
Raw Normal View History

Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
id: apache-filename-brute-force
info:
name: Apache Filename Brute Force
author: geeknik
description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing.
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84
2021-08-18 11:37:49 +00:00
reference:
Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
- https://hackerone.com/reports/210238
- https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
severity: low
tags: apache
Update apache-filename-brute-force.yaml
2021-05-12 20:31:52 +00:00
Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
requests:
- method: GET
headers:
Accept: "fake/value"
path:
- "{{BaseURL}}/index"
Update apache-filename-brute-force.yaml
2021-05-12 20:31:52 +00:00
Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 406
- type: word
words:
- "Not Acceptable"
- "Available variants:"
- "<address>Apache Server at"
condition: and