From 211521d2df48fd1676fa0c447ec52dc53cab642b Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Wed, 12 May 2021 00:45:00 +0530 Subject: [PATCH] Adding more matchers --- exposures/backups/php-backup-files.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/exposures/backups/php-backup-files.yaml b/exposures/backups/php-backup-files.yaml index b33c51af44..5a9b791a05 100644 --- a/exposures/backups/php-backup-files.yaml +++ b/exposures/backups/php-backup-files.yaml @@ -4,7 +4,7 @@ info: name: PHP source disclosure through backup files author: StreetOfHackerR007 (Rohit Soni) severity: medium - tags: exposure,backup + tags: exposure,backup,php requests: - method: GET @@ -24,16 +24,31 @@ requests: - "{{BaseURL}}/404.php.bak" - "{{BaseURL}}/wp-config.php.bak" - "{{BaseURL}}/wp-login.php.bak" + redirects: true + max-redirects: 1 matchers-condition: and matchers: - type: status status: - 200 - condition: and - type: word words: - "" + part: body + + - type: word + words: + - "text/plain" + - "bytes" + part: header + condition: or \ No newline at end of file
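Review bot: The new header matcher in the second hunk (`part: header`, `condition: or`) passes on the bare word `bytes`, which any response carrying `Accept-Ranges: bytes` satisfies, so on many servers it narrows nothing beyond the status check. That matters more with the added `redirects: true`: a `.bak` request that is redirected once to a generic page returning 200 now passes the status matcher as well. The body matcher is then the only evidence of leaked PHP source, and its word list is not legible on this page, so its specificity cannot be judged from here. If `bytes` is meant as a proxy for "file served statically rather than executed", say so in a comment above the matcher, e.g. `# "bytes" targets Accept-Ranges: bytes (static file, not executed)`, and consider a case-insensitive regex anchored to the `Content-Type` or `Accept-Ranges` header name instead of free words. The request block starts above the hunk, so the full path list and any earlier options are not visible.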