From 3ae4fced09be64eff3d04061cda0fe4bd8af60e5 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Tue, 23 Feb 2021 08:07:05 +0000
Subject: [PATCH 1/2] Create horde-unauthenticated.yaml

---
 misconfiguration/horde-unauthenticated.yaml | 27 +++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 misconfiguration/horde-unauthenticated.yaml

diff --git a/misconfiguration/horde-unauthenticated.yaml b/misconfiguration/horde-unauthenticated.yaml
new file mode 100644
index 0000000000..80fb4496ea
--- /dev/null
+++ b/misconfiguration/horde-unauthenticated.yaml
@@ -0,0 +1,27 @@
+id: horde-unauthenticated
+
+info:
+ name: Horde Groupware Unauthenticated
+ author: pikpikcu
+ severity: critical
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/horde/admin/user.php"
+ - "{{BaseURL}}/admin/user.php"
+ headers:
+ Content-Type: text/html
+ cooki-reuse: true
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - "Horde :: User Administration"
+ condition: and
+
+ - type: status
+ status:
+ - 200

From bff0e4c1323351fa6fdc1327cc8b105f851e1517 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+bauthard@users.noreply.github.com>
Date: Tue, 23 Feb 2021 14:03:44 +0530
Subject: [PATCH 2/2] Update horde-unauthenticated.yaml

---
 misconfiguration/horde-unauthenticated.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misconfiguration/horde-unauthenticated.yaml b/misconfiguration/horde-unauthenticated.yaml
index 80fb4496ea..6e648dd041 100644
--- a/misconfiguration/horde-unauthenticated.yaml
+++ b/misconfiguration/horde-unauthenticated.yaml
@@ -4,6 +4,7 @@ info:
 name: Horde Groupware Unauthenticated
 author: pikpikcu
 severity: critical
+ tags: horde
 
 requests:
 - method: GET
@@ -12,7 +13,6 @@ requests:
 - "{{BaseURL}}/admin/user.php"
 headers:
 Content-Type: text/html
- cooki-reuse: true
 
 matchers-condition: and
 matchers:
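Review bot: In the new-file hunk of PATCH 1/2, the `info:` block sets `severity: critical` but has no `description` or `reference`, so someone triaging a hit cannot tell from the template what is exposed or how the rating was chosen. I would add a line such as `description: Horde user administration page (admin/user.php) responds without authentication.` under `info:`, worded to match what the matchers actually prove (a 200 response whose body contains the "Horde :: User Administration" title). Two request details in the same hunk also look like no-ops and could be dropped: `Content-Type: text/html` on a GET with no body, and `condition: and` on a `words` list with a single entry.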