id: php-backup-files
info:
name: PHP Source - Backup File Information Disclosure
author: StreetOfHackerR007,pwnhxl,mastercho,0xpugazh
severity: medium
description: A backup copy of a PHP source file is served to external users, disclosing its source code and any configuration values it contains (such as database credentials).
metadata:
max-request: 1512
tags: exposure,backup,php,disclosure,bruteforce
http:
- method: GET
path:
- "{{BaseURL}}{{filepath}}{{bakext}}"
attack: clusterbomb
payloads:
filepath:
- /wp-config.php # wordpress
- /wp-config # wordpress
- /site/default/settings.php # drupal
- /installation/configuration.php # joomla
- /app/etc/env.php # magento
- /Application/Common/Conf/config.php # thinkphp
- /environments/dev/common/config/main-local.php # yii
- /environments/prod/common/config/main-local.php # yii
- /common/config/main-local.php # yii
- /system/config/default.php # opencart
- /typo3conf/localconf.php # typo3
- /config/config_global.php # discuz
- /config/config_ucenter.php # discuz
- /textpattern/config.php # textpattern
- /data/common.inc.php # dedecms
- /caches/configs/database.php # phpcms
- /caches/configs/system.php # phpcms
- /include/config.inc.php # phpcms
- /include/config.php # xbtit
- /includes/config.php # vbulletin
- /includes/config # vbulletin
- /phpsso_server/caches/configs/database.php # phpcms
- /phpsso_server/caches/configs/system.php # phpcms
- /zb_users/c_option.php # zblog
- /e/class/config.php # empirecms
- /e/config/config.php # empirecms
- /data/sql_config.php # phpwind
- /data/bbscache/config.php # phpwind
- /app/config/parameters.yml # prestashop 1.7
- /app/config/parameters.php # prestashop 1.7
- /config/settings.inc.php # prestashop > 1.5,1.6
- /config/settings.old.php # prestashop > 1.5,1.6
- /manager/includes/config.inc.php # MODX CMS
- /app/config/parameters.ini # Symfony
- /db.php
- /conn.php
- /database.php
- /db_config.php
- /config.inc.php
- /data/config.php
- /config/config.php
- /index.php
- /default.php
- /main.php
- /settings.php
- /header.php
- /footer.php
- /login.php
- /404.php
- /wp-login.php
- /config.php
- /config
- /const.DB.php.bak # note: every bakext value is appended to this entry too, so requests such as const.DB.php.bak.bak are produced; the plain /const.DB.php entry below already covers the single-extension case
- /const.DB.php
bakext:
- ".~"
- ".bk"
- ".bak"
- ".bkp"
- ".BAK"
- ".blank"
- ".swp"
- ".swo"
- ".swn"
- ".tmp"
- ".save"
- ".old"
- ".new"
- ".orig"
- ".dist"
- ".eski" # Turkish equivalent of .bak; commonly used as a backup-file suffix
- ".txt"
- ".disabled"
- ".original"
- ".backup"
- "_bak"
- "_1.bak"
- "~"
- "!"
- ".0"
- ".1"
- ".2"
- ".3"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "<?php"
- "<?="
condition: or
- type: word
part: body
words:
- "?>"
- "($"
- "$_GET["
- "$_POST["
- "$_REQUEST["
- "$_SERVER["
- "'DB_PASSWORD'"
- "'DBPASS'"
- "database_type"
- "define('DB"
condition: or
- type: word
part: header
words:
- "text/plain"
- "bytes"
condition: or
# digest: 4b0a00483046022100c733de0ef40feb46f3e0d6ba5996c622340ad6910a6ea85e9c1c4e8aa1939cd2022100b73afbe7b608bdd57d018fe31bdc23a620f2e6b965916193232c840782ef90d0:922c64590222798bb761d5b6d8e72950