Added CGI script environment variable (#3498)

2022-01-07 14:02:29 +05:30 · 2022-01-07 14:02:29 +05:30 · 5c8ccbd1e5
parent 491d46335f
commit 5c8ccbd1e5
1 changed files with 29 additions and 0 deletions
--- a/exposures/configs/cgi-printenv.yaml
+++ b/exposures/configs/cgi-printenv.yaml
@ -0,0 +1,29 @@
+id: cgi-printenv
+
+info:
+  author: emadshanab
+  name: CGI script environment variable
+  severity: medium
+  description: A test CGI (Common Gateway Interface) script was found on this server. The response page returned by this CGI script is leaking a list of server environment variables.
+  reference: https://www.acunetix.com/vulnerabilities/web/test-cgi-script-leaking-environment-variables/
+  tags: exposure,generic,cgi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/printenv.pl"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'MYSQL_HOME'
+          - 'OPENSSL_CONF'
+          - 'REMOTE_ADDR'
+          - 'SERVER_ADMIN'
+          - 'Environment Variables:'
+        condition: or
+
+      - type: status
+        status:
+          - 200