From 0a24471dd6cc2d0403f5938ec25fd189e72c2cd2 Mon Sep 17 00:00:00 2001
From: Vagner Rodrigues
Date: Fri, 31 Mar 2023 13:00:27 -0300
Subject: [PATCH] Create laravel-horizon-unauth.yaml
---
misconfiguration/laravel-horizon-unauth.yaml | 40 ++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 misconfiguration/laravel-horizon-unauth.yaml
diff --git a/misconfiguration/laravel-horizon-unauth.yaml b/misconfiguration/laravel-horizon-unauth.yaml
new file mode 100644
index 0000000000..418bcba0fc
--- /dev/null
+++ b/misconfiguration/laravel-horizon-unauth.yaml
@@ -0,0 +1,40 @@
+id: laravel-horizon-unauth
+
+info:
+ name: Laravel Horizon Dashboard - Unauthenticated Detect
+ author: vagnerd
+ severity: medium
+ description: |
+ Laravel Horizon Dashboard unauthenticated was detected.
+ reference:
+ - https://github.com/laravel/horizon
+ - https://laravel.com/docs/10.x/horizon#dashboard-authorization
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 5.3
+ cwe-id: CWE-200
+ metadata:
+ shodan-query: http.favicon.hash:450899026
+ verified: "true"
+ tags: laravel,unauth,dashboard,misconfig
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/horizon/dashboard"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: word
+ part: body
+ words:
+ - "Laravel Horizon"
+
+ - type: status
+ status:
+ - 200
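Review bot: The `cvss-metrics` vector under `classification` ends in `C:N/I:N/A:N`, which evaluates to 0.0 and contradicts both `cvss-score: 5.3` and `severity: medium`; the vector that matches 5.3 for an information-exposure finding (CWE-200) is `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`. The body matcher relies on the single phrase `Laravel Horizon`, so any 200 HTML response that merely mentions the product would be reported as an open dashboard; adding a second word taken from the rendered dashboard markup, combined with `condition: and`, would reduce false positives. The `description` only says the dashboard was detected, and a sentence on what an unauthenticated dashboard lets a visitor see would help triage without following the reference links.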