From e41feac080d20bce99f7b901af8ea5b3a095fc75 Mon Sep 17 00:00:00 2001
From: "jose.costa" <jose.costa@laptop-3834.Home>
Date: Tue, 6 Feb 2024 17:38:50 +0000
Subject: [PATCH 1/2] Added Teampass LDAP template

---
 http/exposures/logs/teampass-ldap.yaml | 35 ++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 http/exposures/logs/teampass-ldap.yaml

diff --git a/http/exposures/logs/teampass-ldap.yaml b/http/exposures/logs/teampass-ldap.yaml
new file mode 100644
index 0000000000..a52dab6c13
--- /dev/null
+++ b/http/exposures/logs/teampass-ldap.yaml
@@ -0,0 +1,35 @@
+id: teampass-ldap
+
+info:
+  name: Teampass LDAP Debug Config - Detect
+  author: josecosta
+  severity: high
+  description: Teampass ldap.debug.txt config was detected. This file is generated on "/files/ldap.debug.txt" for versions earlier than 3.0.0.0 when utilizing the "Test current configuration" in LDAP settings.
+  reference:
+    - https://github.com/nilsteampassnet/TeamPass/commit/ea9838481a58879cdf3def31046955efcff5a546#diff-61809be6a8fff101e3748a0c7dfad90bR16
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-200
+  metadata:
+    max-request: 1
+  tags: exposure,cgi
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/files/ldap.debug.txt"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'base_dn'
+          - 'search_base'
+          - 'bind_dn'
+          - 'bind_passwd'
+        condition: and
+
+      - type: status
+        status:
+          - 200

From 3f3f6a115b0875f70cf89214eb10dfee565419da Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Wed, 7 Feb 2024 14:30:06 +0530
Subject: [PATCH 2/2] Update teampass-ldap.yaml

---
 http/exposures/logs/teampass-ldap.yaml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/http/exposures/logs/teampass-ldap.yaml b/http/exposures/logs/teampass-ldap.yaml
index a52dab6c13..76e8ec0876 100644
--- a/http/exposures/logs/teampass-ldap.yaml
+++ b/http/exposures/logs/teampass-ldap.yaml
@@ -3,8 +3,9 @@ id: teampass-ldap
 info:
   name: Teampass LDAP Debug Config - Detect
   author: josecosta
-  severity: high
-  description: Teampass ldap.debug.txt config was detected. This file is generated on "/files/ldap.debug.txt" for versions earlier than 3.0.0.0 when utilizing the "Test current configuration" in LDAP settings.
+  severity: medium
+  description: |
+    Teampass ldap.debug.txt config was detected. This file is generated on "/files/ldap.debug.txt" for versions earlier than 3.0.0.0 when utilizing the "Test current configuration" in LDAP settings.
   reference:
     - https://github.com/nilsteampassnet/TeamPass/commit/ea9838481a58879cdf3def31046955efcff5a546#diff-61809be6a8fff101e3748a0c7dfad90bR16
   classification:
@@ -13,7 +14,9 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 1
-  tags: exposure,cgi
+    verified: true
+    fofa-query: app="TEAMPASS"
+  tags: exposure,teampass,ldap,logs
 
 http:
   - method: GET
@@ -23,6 +26,7 @@ http:
     matchers-condition: and
     matchers:
       - type: word
+        part: header
         words:
           - 'base_dn'
           - 'search_base'
@@ -30,6 +34,11 @@ http:
           - 'bind_passwd'
         condition: and
 
+      - type: word
+        part: header
+        words:
+          - 'text/plain'
+
       - type: status
         status:
           - 200