add pussycat0x updates

2023-04-03 11:49:45 -03:00 · 2023-04-03 11:49:45 -03:00 · 407930143b
parent 0a24471dd6
commit 407930143b
1 changed files with 14 additions and 8 deletions
--- a/misconfiguration/laravel-horizon-unauth.yaml
+++ b/misconfiguration/laravel-horizon-unauth.yaml
@ -1,11 +1,13 @@
 id: laravel-horizon-unauth

 info:
-  name: Laravel Horizon Dashboard - Unauthenticated Detect
+  name: Laravel Horizon Dashboard - Unauthenticated
  author: vagnerd
  severity: medium
  description: |
    Laravel Horizon Dashboard unauthenticated was detected.
+  remediation: |
+     - Configure Authentication in Laravel Horizon.
  reference:
    - https://github.com/laravel/horizon
    - https://laravel.com/docs/10.x/horizon#dashboard-authorization
@ -21,19 +23,23 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/horizon/dashboard"
+      - "{{BaseURL}}/api/stats"
+      - "{{BaseURL}}/horizon/api/stats"

    matchers-condition: and
    matchers:
-      - type: word
-        part: header
-        words:
-          - "text/html"
-
      - type: word
        part: body
        words:
-          - "<strong>Laravel</strong> Horizon"
+          - "queueWithMaxRuntime"
+          - "recentJobs"
+          - "status"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"

      - type: status
        status: