Merge pull request #4571 from nullfuzz-pentest/git-logs-exposure

Added git-logs-exposure Template
2022-07-15 16:30:24 +05:30 · 2022-07-15 16:30:24 +05:30 · 1d19b2c0d7
parent aca518a084 971c045dd4
commit 1d19b2c0d7
1 changed files with 33 additions and 0 deletions
--- a/exposures/logs/git-logs-exposure.yaml
+++ b/exposures/logs/git-logs-exposure.yaml
@ -0,0 +1,33 @@
+id: git-logs-exposure
+
+info:
+  name: Git Logs Disclosure
+  author: NullFuzz
+  severity: Info
+  description: Searches Git Logs files and passed URLs.
+  tags: logs,git,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/.git/logs/HEAD"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "!contains(tolower(body), '<html')"
+          - "!contains(tolower(body), '<body')"
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
+
+      - type: regex
+        regex:
+          - '^([a-z0-9]+) '
+
+      - type: status
+        status:
+          - 200