nuclei-templates/http/exposures/apis/wadl-api.yaml

id: wadl-api

info:
  name: WADL API - Detect
  author: 0xrudra,manuelbua
  severity: info
  description: WADL API was detected.
  reference:
    - https://github.com/dwisiswant0/wadl-dumper
    - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    max-request: 8
  tags: exposure,api

http:
  - method: GET
    path:
      - "{{BaseURL}}/application.wadl"
      - "{{BaseURL}}/application.wadl?detail=true"
      - "{{BaseURL}}/api/application.wadl"
      - "{{BaseURL}}/api/v1/application.wadl"
      - "{{BaseURL}}/api/v2/application.wadl"

    stop-at-first-match: true
    matchers:
      - name: http-get
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "http://jersey.java.net"
          - "http://wadl.dev.java.net/2009/02"

  - method: OPTIONS
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/api/v1"
      - "{{BaseURL}}/api/v2"

    stop-at-first-match: true
    matchers:
      - name: http-options
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "http://jersey.java.net"
          - "http://wadl.dev.java.net/2009/02"

# digest: 4b0a00483046022100e2f839e3c09ac43f2fef563e3df53c2508374f88b7a6440f5b8e77a7dbefcc05022100a0f7c47efacbf012afecb48f03f8c1f63a337bf8b96061929d5a1de831f61d79:922c64590222798bb761d5b6d8e72950
moving more files around 2021-01-09 13:02:04 +00:00			`id: wadl-api`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00
			`info:`
Enhancement: exposures/apis/wadl-api.yaml by mp 2023-02-05 18:04:45 +00:00			`name: WADL API - Detect`
Updated author names 2021-06-09 12:20:56 +00:00			`author: 0xrudra,manuelbua`
uniform severity update 2020-08-03 21:52:00 +00:00			`severity: info`
lint fix 2023-02-06 20:43:22 +00:00			`description: WADL API was detected.`
Enhancement: exposures/apis/wadl-api.yaml by mp 2023-02-05 17:28:28 +00:00			`reference:`
			`- https://github.com/dwisiswant0/wadl-dumper`
			`- https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/`
Enhancement: exposures/apis/wadl-api.yaml by mp 2023-02-05 16:28:05 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`
templateman update 2023-10-14 11:27:55 +00:00			`cvss-score: 0`
Enhancement: exposures/apis/wadl-api.yaml by mp 2023-02-05 16:28:05 +00:00			`cwe-id: CWE-200`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 8`
templateman update 2023-10-14 11:27:55 +00:00			`tags: exposure,api`
:speech_balloon: Add references 2020-08-29 12:15:51 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00			`- method: GET`
Update syntax 2020-05-25 08:02:27 +00:00			`path:`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00			`- "{{BaseURL}}/application.wadl"`
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`- "{{BaseURL}}/application.wadl?detail=true"`
			`- "{{BaseURL}}/api/application.wadl"`
			`- "{{BaseURL}}/api/v1/application.wadl"`
			`- "{{BaseURL}}/api/v2/application.wadl"`
misc update 2021-09-02 17:27:55 +00:00
			`stop-at-first-match: true`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00			`matchers:`
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`- name: http-get`
			`type: word`
			`words:`
			`- "This is simplified WADL with user and core resources only"`
misc update 2021-09-02 17:27:55 +00:00			`- "http://jersey.java.net"`
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`- "http://wadl.dev.java.net/2009/02"`
misc update 2021-09-02 17:27:55 +00:00
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`- method: OPTIONS`
			`path:`
Preparing for request clustering 2021-01-13 07:31:46 +00:00			`- "{{BaseURL}}"`
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`- "{{BaseURL}}/api/v1"`
			`- "{{BaseURL}}/api/v2"`
Added stop-at-first-match in applicable templates 2021-09-02 11:59:10 +00:00
			`stop-at-first-match: true`
Remove WSDL check, add additional checks 2020-08-06 18:26:49 +00:00			`matchers:`
			`- name: http-options`
			`type: word`
Update syntax 2020-05-25 08:02:27 +00:00			`words:`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00			`- "This is simplified WADL with user and core resources only"`
misc update 2021-09-02 17:27:55 +00:00			`- "http://jersey.java.net"`
WADL Files Detect WADL files. 2020-04-06 12:27:09 +00:00			`- "http://wadl.dev.java.net/2009/02"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100e2f839e3c09ac43f2fef563e3df53c2508374f88b7a6440f5b8e77a7dbefcc05022100a0f7c47efacbf012afecb48f03f8c1f63a337bf8b96061929d5a1de831f61d79:922c64590222798bb761d5b6d8e72950`