Create typo3-sensitive-files.yaml

2023-02-15 07:34:01 +09:00 · 2023-02-15 07:34:01 +09:00 · 0c7634c049
parent c4ef4a29b5
commit 0c7634c049
1 changed files with 26 additions and 0 deletions
--- a/typo3-sensitive-files.yaml
+++ b/typo3-sensitive-files.yaml
@ -0,0 +1,26 @@
+id: typo3-sensitive-files
+
+info:
+  name: Typo3 sensitive files
+  author: 0x_Akoko
+  severity: low
+  description: The web application is based on Typo3 CMS. A sensitive file has been found. Access to such files must be restricted, as it may lead to disclosure of sensitive information about the web application.
+  reference: https://docs.typo3.org/m/typo3/guide-installation/master/en-us/In-depth/SystemRequirements/Index.html#nginx
+  tags: typo3,sensitive,files
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/typo3/sysext/install/composer.json'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "The Install Tool mounted as the module Tools>Install in TYPO3."
+      - type: word
+        part: header
+        words:
+          - 200
+