Merge pull request #4988 from projectdiscovery/symfony

symfony template update

exposures/configs/symfony-profiler.yaml

@@ -4,16 +4,20 @@ info:
   name: Symfony Profiler
   author: pdteam
   severity: high
+  metadata:
+    verified: true
+    shodan-query: http.html:"symfony Profiler"
   tags: config,exposure,symfony
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/_profiler/empty/search/results?limit=10"
+      - "{{BaseURL}}/app_dev.php/_profiler/empty/search/results?limit=10"
+
+    stop-at-first-match: true
     matchers:
       - type: word
-        words:
-          - "<title>Symfony Profiler</title>"
-          - "symfony/profiler/"
-        condition: and
         part: body
+        words:
+          - "Symfony Profiler"

misconfiguration/symfony-debug.yaml

@@ -1,4 +1,4 @@
-id: symfony-debugmode
+id: symfony-debug
 
 info:
   name: Symfony Debug Mode
@@ -7,6 +7,9 @@ info:
   description: A Symfony installations 'debug' interface is enabled, allowing the disclosure and possible execution of arbitrary code.
   reference:
     - https://github.com/synacktiv/eos
+  metadata:
+    verified: true
+    shodan-query: http.html:"symfony Profiler"
   tags: symfony,debug
 
 requests:
@@ -16,17 +19,17 @@ requests:
 
     matchers-condition: or
     matchers:
-
       - type: word
-        words:
-          - 'X-Debug-Token-Link:'
-          - '/_profiler/'
         part: header
+        words:
+          - 'x-debug-token-link:'
+          - '/_profiler/'
         condition: and
+        case-insensitive: true
 
       - type: word
+        part: body
         words:
           - 'debug mode</a> is enabled.'
-        part: body
 
 # Enhanced by mp on 2022/04/12