Update service-pwd-expose.yaml

2021-09-18 12:08:32 +05:30 · 2021-09-18 12:08:32 +05:30 · 4d2d1f35d6
parent 6ff85169c3
commit 4d2d1f35d6
1 changed files with 6 additions and 9 deletions
--- a/misconfiguration/service-pwd-expose.yaml
+++ b/misconfiguration/service-pwd-expose.yaml
@ -1,26 +1,23 @@
 id: service-pwd-expose
 info:
-  name: Service and conf file exposer
+  name: Service password file 
  author: pussycat0x
-  severity: info
-  description: Searches for sensitive .cnf, .pwd files.
+  severity: high
+  description: Searches for sensitive service.pwd file.
  reference: https://www.exploit-db.com/ghdb/7256
  tags: exposure,listing

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/_vti_pvt/"
+      - "{{BaseURL}}/_vti_pvt/service.pwd"

    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "Index of"
-          - "_vti_pvt"
-          - "service.pwd"
-          - "cnf"
-        condition: and
+          - "# -FrontPage-"
+        part: body

      - type: status
        status: