daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding apache-tomcat-snoop example page

patch-1
bauthard 2020-11-16 19:30:33 +05:30
parent 2187e142b1
commit 2f42b6edd7
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
security-misconfiguration/apache-tomcat-snoop.yaml Normal file
View File

@ -0,0 +1,24 @@
id: apache-tomcat-snoop
info:
name: Apache Tomcat example page disclosure - snoop
author: pdteam
severity: low
description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
# Reference:- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
requests:
- method: GET
path:
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
matchers-condition: and
matchers:
- type: word
words:
- 'Request URI: /examples/jsp/snp/snoop.jsp'
- type: status
status:
- 200