Updated php-backup extenstions

http/exposures/backups/php-backup-files.yaml

@@ -0,0 +1,122 @@
+id: php-backup-files
+
+info:
+  name: PHP Source - Backup File Information Disclosure
+  author: StreetOfHackerR007,pwnhxl,mastercho
+  severity: medium
+  tags: exposure,backup,php,disclosure,fuzz
+  metadata:
+    max-request: 1025
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}{{filepath}}{{bakext}}"
+
+    attack: clusterbomb
+    payloads:
+      filepath:
+        - /wp-config.php   # wordpress
+        - /wp-config   # wordpress
+        - /site/default/settings.php   # drupal
+        - /installation/configuration.php   # joomla
+        - /app/etc/env.php   # magento
+        - /Application/Common/Conf/config.php   # thinkphp
+        - /environments/dev/common/config/main-local.php   # yii
+        - /environments/prod/common/config/main-local.php   # yii
+        - /common/config/main-local.php   # yii
+        - /system/config/default.php   # opencart
+        - /typo3conf/localconf.php   # typo3
+        - /config/config_global.php   # discuz
+        - /config/config_ucenter.php   # discuz
+        - /textpattern/config.php   # textpattern
+        - /data/common.inc.php   # dedecms
+        - /caches/configs/database.php   # phpcms
+        - /caches/configs/system.php   # phpcms
+        - /include/config.inc.php   # phpcms
+        - /include/config.php   # xbtit
+        - /includes/config.php   # vbulletin
+        - /includes/config # vbulletin
+        - /phpsso_server/caches/configs/database.php   # phpcms
+        - /phpsso_server/caches/configs/system.php   # phpcms
+        - /zb_users/c_option.php   # zblog
+        - /e/class/config.php   # empirecms
+        - /e/config/config.php   # empirecms
+        - /data/sql_config.php   # phpwind
+        - /data/bbscache/config.php   # phpwind
+        - /db.php
+        - /conn.php
+        - /database.php
+        - /db_config.php
+        - /config.inc.php
+        - /data/config.php
+        - /config/config.php
+        - /index.php
+        - /default.php
+        - /main.php
+        - /settings.php
+        - /header.php
+        - /footer.php
+        - /login.php
+        - /404.php
+        - /wp-login.php
+        - /config.php
+
+      bakext:
+        - ".~"
+        - ".bk"
+        - ".bak"
+        - ".bkp"
+        - ".BAK"
+        - ".swp"
+        - ".swo"
+        - ".swn"
+        - ".tmp"
+        - ".save"
+        - ".old"
+        - ".new"
+        - ".orig"
+        - ".dist"
+        - ".txt"
+        - ".disabled"
+        - ".original"
+        - ".backup"
+        - "_bak"
+        - "_1.bak"
+        - "~"
+        - "!"
+        - ".0"
+        - ".1"
+        - ".2"
+        - ".3"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - "<?php"
+          - "<?="
+        condition: or
+
+      - type: word
+        part: body
+        words:
+          - "?>"
+          - "($"
+          - "$_GET["
+          - "$_POST["
+          - "$_REQUEST["
+          - "$_SERVER["
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+          - "bytes"
+        condition: or