Merge pull request #5332 from arafatansari/patch-82

Create corebos-htaccess.yaml

misconfiguration/corebos-htaccess.yaml

@@ -0,0 +1,32 @@
+id: corebos-htaccess
+
+info:
+  name: CoreBos - .htaccess File Exposure
+  author: arafatansari
+  severity: info
+  description: |
+    CoreBos was discovered to have .htaccess file exposed to public which includes sensitive information.
+  reference:
+    - https://huntr.dev/bounties/5b0fe6e3-4ca1-44ae-8875-d7e6c065432e/
+  metadata:
+    verified: true
+    shodan-query: http.html:"corebos"
+  tags: misconfig,exposure,corebos
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/htaccess.txt'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Options -Indexes'
+          - '<FilesMatch'
+        condition: and
+
+      - type: status
+        status:
+          - 200