nuclei-templates/http/exposures/configs/composer-config.yaml

37 lines
992 B
YAML
Raw Normal View History

2021-01-10 22:54:00 +00:00
id: composer-config
2020-12-28 15:46:09 +00:00
info:
name: Composer Config - Detect
2020-12-28 15:46:09 +00:00
author: Mahendra Purbia (Mah3Sec_)
2020-12-28 15:59:57 +00:00
severity: info
description: Composer configuration file detected.
reference: https://getcomposer.org/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
2021-04-06 06:46:11 +00:00
tags: config,exposure
metadata:
max-request: 4
2020-12-28 15:46:09 +00:00
http:
2020-12-28 15:46:09 +00:00
- method: GET
path:
- "{{BaseURL}}/composer.json"
- "{{BaseURL}}/composer.lock"
2021-01-02 06:41:27 +00:00
- "{{BaseURL}}/.composer/composer.json"
- "{{BaseURL}}/vendor/composer/installed.json"
2020-12-28 15:59:31 +00:00
2020-12-28 15:46:09 +00:00
matchers:
2021-01-02 06:40:26 +00:00
- type: dsl
name: composer.lock
dsl:
2021-03-24 23:28:50 +00:00
- "contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"
2020-12-28 15:46:09 +00:00
2021-01-02 06:40:26 +00:00
- type: dsl
name: composer.json
dsl:
2021-03-24 23:28:50 +00:00
- "contains(body, 'require') && contains(tolower(all_headers), 'application/json') && status_code == 200"
# Enhanced by mp on 2023/02/05