nuclei-templates/misconfiguration/apache-tomcat-snoop.yaml

id: apache-tomcat-snoop

info:
  name: Apache Tomcat example page disclosure - snoop
  author: pdteam
  severity: low
  description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.

  # Reference:- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks

requests:
  - method: GET
    path:
      - "{{BaseURL}}/examples/jsp/snp/snoop.jsp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Request URI: /examples/jsp/snp/snoop.jsp'

      - type: status
        status:
          - 200
Adding apache-tomcat-snoop example page 2020-11-16 14:00:33 +00:00			`id: apache-tomcat-snoop`

			`info:`
			`name: Apache Tomcat example page disclosure - snoop`
			`author: pdteam`
			`severity: low`
			`description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.`

			`# Reference:- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- 'Request URI: /examples/jsp/snp/snoop.jsp'`

			`- type: status`
			`status:`
			`- 200`