Merge pull request #4548 from z3xddd/master

Create ciphersecretkey.yaml and apimsecretkey.yaml
2022-06-10 19:00:11 +05:30 · 2022-06-10 19:00:11 +05:30 · 1500365c41
parent d357949664 8bba01b57d
commit 1500365c41
2 changed files with 47 additions and 0 deletions
--- a/exposures/tokens/azure/azure-apim-secretkey.yaml
+++ b/exposures/tokens/azure/azure-apim-secretkey.yaml
@ -0,0 +1,24 @@
+id: azure-apim-secretkey
+
+info:
+  name: Azure - APIM Secret Key
+  author: israel comazzetto dos reis
+  severity: info
+  description: Azure APIM Secret Key
+  tags: azure,apim,microsoft,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"Ocp-Apim-Subscription-Key":'
+
+      - type: status
+        status:
+          - 200
--- a/exposures/tokens/nextjs/cipher-secret-key.yaml
+++ b/exposures/tokens/nextjs/cipher-secret-key.yaml
@ -0,0 +1,23 @@
+id: cipher-secret-key
+
+info:
+  name: Cipher Secret Key Exposure
+  author: israel comazzetto dos reis
+  severity: info
+  tags: exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "cipherSecretKey:"
+
+      - type: status
+        status:
+          - 200