Create sphinxsearch-config.yaml

Template to search for sphinx.conf file which contains pgsql/mysql/odb credentials
2024-02-24 06:15:44 +03:00 · 2024-02-24 06:15:44 +03:00 · 3e07c91034
parent 6a5cc64d9a
commit 3e07c91034
1 changed files with 36 additions and 0 deletions
--- a/http/exposures/configs/sphinxsearch-config.yaml
+++ b/http/exposures/configs/sphinxsearch-config.yaml
@ -0,0 +1,36 @@
+id: sphinxsearch-config
+
+info:
+  name: Sphinx Search configuration file containing SQL credentials
+  author: gtrrnr
+  severity: high
+  description: sphinx.conf file contains SQL credentials and is publicly accessible.
+  impact: |
+    An attacker can use leaked credentials to gain access to database.
+  reference:
+    - https://github.com/manticorp/SphinxSearch/blob/master/sphinx.conf.example
+  metadata:
+    max-request: 7
+  tags: sphinx,sphinxsearch,exposure
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/config/development.sphinx.conf"
+      - "{{BaseURL}}/config/production.sphinx.conf"
+      - "{{BaseURL}}/configs/sphinx.conf"
+      - "{{BaseURL}}/search/configs/sphinx.conf"
+      - "{{BaseURL}}/sphinx.conf"
+      - "{{BaseURL}}/sphinx/sphinx.conf"
+      - "{{BaseURL}}/sphinxsearch/sphinx.conf"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "sql_user"
+
+      - type: status
+        status:
+          - 200