From 2a669a1401f3ca71001d188d60ae2e3fa9adf3f0 Mon Sep 17 00:00:00 2001
From: mastercho
Date: Sat, 24 Jun 2023 01:25:37 +0300
Subject: [PATCH] Updated php-backup extenstions
---
http/exposures/backups/php-backup-files.yaml | 122 +++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 http/exposures/backups/php-backup-files.yaml
diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml
new file mode 100644
index 0000000000..c9c7a321d6
--- /dev/null
+++ b/http/exposures/backups/php-backup-files.yaml
@@ -0,0 +1,122 @@
+id: php-backup-files
+
+info:
+ name: PHP Source - Backup File Information Disclosure
+ author: StreetOfHackerR007,pwnhxl,mastercho
+ severity: medium
+ tags: exposure,backup,php,disclosure,fuzz
+ metadata:
+ max-request: 1025
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}{{filepath}}{{bakext}}"
+
+ attack: clusterbomb
+ payloads:
+ filepath:
+ - /wp-config.php # wordpress
+ - /wp-config # wordpress
+ - /site/default/settings.php # drupal
+ - /installation/configuration.php # joomla
+ - /app/etc/env.php # magento
+ - /Application/Common/Conf/config.php # thinkphp
+ - /environments/dev/common/config/main-local.php # yii
+ - /environments/prod/common/config/main-local.php # yii
+ - /common/config/main-local.php # yii
+ - /system/config/default.php # opencart
+ - /typo3conf/localconf.php # typo3
+ - /config/config_global.php # discuz
+ - /config/config_ucenter.php # discuz
+ - /textpattern/config.php # textpattern
+ - /data/common.inc.php # dedecms
+ - /caches/configs/database.php # phpcms
+ - /caches/configs/system.php # phpcms
+ - /include/config.inc.php # phpcms
+ - /include/config.php # xbtit
+ - /includes/config.php # vbulletin
+ - /includes/config # vbulletin
+ - /phpsso_server/caches/configs/database.php # phpcms
+ - /phpsso_server/caches/configs/system.php # phpcms
+ - /zb_users/c_option.php # zblog
+ - /e/class/config.php # empirecms
+ - /e/config/config.php # empirecms
+ - /data/sql_config.php # phpwind
+ - /data/bbscache/config.php # phpwind
+ - /db.php
+ - /conn.php
+ - /database.php
+ - /db_config.php
+ - /config.inc.php
+ - /data/config.php
+ - /config/config.php
+ - /index.php
+ - /default.php
+ - /main.php
+ - /settings.php
+ - /header.php
+ - /footer.php
+ - /login.php
+ - /404.php
+ - /wp-login.php
+ - /config.php
+
+ bakext:
+ - ".~"
+ - ".bk"
+ - ".bak"
+ - ".bkp"
+ - ".BAK"
+ - ".swp"
+ - ".swo"
+ - ".swn"
+ - ".tmp"
+ - ".save"
+ - ".old"
+ - ".new"
+ - ".orig"
+ - ".dist"
+ - ".txt"
+ - ".disabled"
+ - ".original"
+ - ".backup"
+ - "_bak"
+ - "_1.bak"
+ - "~"
+ - "!"
+ - ".0"
+ - ".1"
+ - ".2"
+ - ".3"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - ""
+ - "($"
+ - "$_GET["
+ - "$_POST["
+ - "$_REQUEST["
+ - "$_SERVER["
+ condition: or
+
+ - type: word
+ part: header
+ words:
+ - "text/plain"
+ - "bytes"
+ condition: or
\ No newline at end of file