nuclei-templates/http/exposures/backups/php-backup-files.yaml

139 lines
3.8 KiB
YAML
Raw Normal View History

2023-06-23 22:25:37 +00:00
id: php-backup-files
info:
name: PHP Source - Backup File Information Disclosure
2023-10-02 10:07:48 +00:00
author: StreetOfHackerR007,pwnhxl,mastercho,0xpugazh
2023-06-23 22:25:37 +00:00
severity: medium
2024-01-02 15:53:10 +00:00
description: PHP Source File is disclosed to external users.
2023-06-23 22:25:37 +00:00
metadata:
max-request: 1512
2024-02-28 05:11:31 +00:00
tags: exposure,backup,php,disclosure,bruteforce
2023-06-23 22:25:37 +00:00
http:
- method: GET
path:
- "{{BaseURL}}{{filepath}}{{bakext}}"
attack: clusterbomb
payloads:
filepath:
2023-10-14 11:27:55 +00:00
- /wp-config.php # wordpress
- /wp-config # wordpress
- /site/default/settings.php # drupal
- /installation/configuration.php # joomla
- /app/etc/env.php # magento
- /Application/Common/Conf/config.php # thinkphp
- /environments/dev/common/config/main-local.php # yii
- /environments/prod/common/config/main-local.php # yii
- /common/config/main-local.php # yii
- /system/config/default.php # opencart
- /typo3conf/localconf.php # typo3
- /config/config_global.php # discuz
- /config/config_ucenter.php # discuz
- /textpattern/config.php # textpattern
- /data/common.inc.php # dedecms
- /caches/configs/database.php # phpcms
- /caches/configs/system.php # phpcms
- /include/config.inc.php # phpcms
- /include/config.php # xbtit
- /includes/config.php # vbulletin
2023-06-23 22:25:37 +00:00
- /includes/config # vbulletin
2023-10-14 11:27:55 +00:00
- /phpsso_server/caches/configs/database.php # phpcms
- /phpsso_server/caches/configs/system.php # phpcms
- /zb_users/c_option.php # zblog
- /e/class/config.php # empirecms
- /e/config/config.php # empirecms
- /data/sql_config.php # phpwind
- /data/bbscache/config.php # phpwind
2024-01-07 03:09:02 +00:00
- /app/config/parameters.yml # prestashop 1.7
- /app/config/parameters.php # prestashop 1.7
- /config/settings.inc.php # prestashop > 1.5,1.6
- /config/settings.old.php # prestashop > 1.5,1.6
2024-01-07 04:00:10 +00:00
- /manager/includes/config.inc.php # MODX CMS
2024-01-07 05:15:37 +00:00
- /app/config/parameters.ini # Symfony
2023-06-23 22:25:37 +00:00
- /db.php
- /conn.php
- /database.php
- /db_config.php
- /config.inc.php
- /data/config.php
- /config/config.php
- /index.php
- /default.php
- /main.php
- /settings.php
- /header.php
- /footer.php
- /login.php
- /404.php
- /wp-login.php
- /config.php
2023-09-11 14:00:09 +00:00
- /config
2023-10-02 10:07:48 +00:00
- /const.DB.php.bak
2024-01-07 03:09:02 +00:00
- /const.DB.php
2024-01-22 06:32:39 +00:00
2023-06-23 22:25:37 +00:00
bakext:
- ".~"
- ".bk"
- ".bak"
- ".bkp"
- ".BAK"
2024-01-07 04:00:10 +00:00
- ".blank"
2023-06-23 22:25:37 +00:00
- ".swp"
- ".swo"
- ".swn"
- ".tmp"
- ".save"
- ".old"
- ".new"
- ".orig"
- ".dist"
2024-01-14 14:19:17 +00:00
- ".eski" # Turkish word for .bak its common on file backups
2023-06-23 22:25:37 +00:00
- ".txt"
- ".disabled"
- ".original"
- ".backup"
- "_bak"
- "_1.bak"
- "~"
- "!"
- ".0"
- ".1"
- ".2"
- ".3"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "<?php"
- "<?="
condition: or
- type: word
part: body
words:
- "?>"
- "($"
- "$_GET["
- "$_POST["
- "$_REQUEST["
- "$_SERVER["
2023-07-06 12:14:08 +00:00
- "'DB_PASSWORD'"
2023-10-02 10:07:48 +00:00
- "'DBPASS'"
2024-01-07 04:00:10 +00:00
- "database_type"
2023-10-02 10:07:48 +00:00
- "define('DB"
2023-06-23 22:25:37 +00:00
condition: or
- type: word
part: header
words:
- "text/plain"
- "bytes"
2023-07-06 12:14:08 +00:00
condition: or
# digest: 4b0a00483046022100c733de0ef40feb46f3e0d6ba5996c622340ad6910a6ea85e9c1c4e8aa1939cd2022100b73afbe7b608bdd57d018fe31bdc23a620f2e6b965916193232c840782ef90d0:922c64590222798bb761d5b6d8e72950