Merge pull request #8897 from iamxhunt3r/main

Multiple Template Descriptions are updated.
2024-01-15 17:17:21 +05:30 · 2024-01-15 17:17:21 +05:30 · 8fbfc14ad5
parent a4ab893bc1 5d2e593858
commit 8fbfc14ad5
280 changed files with 283 additions and 4 deletions
--- a/http/exposures/backups/php-backup-files.yaml
+++ b/http/exposures/backups/php-backup-files.yaml
@ -4,6 +4,7 @@ info:
  name: PHP Source - Backup File Information Disclosure
  author: StreetOfHackerR007,pwnhxl,mastercho,0xpugazh
  severity: medium
  description: PHP Source File is disclosed to external users.
  metadata:
    max-request: 1222
  tags: exposure,backup,php,disclosure,fuzz
--- a/http/exposures/backups/zip-backup-files.yaml
+++ b/http/exposures/backups/zip-backup-files.yaml
@ -79,8 +79,8 @@ http:
    matchers:
      - type: binary
        binary:
-          - "7573746172202000" #tar
+          - "7573746172202000" # tar
-          - "7573746172003030"  #tar
+          - "7573746172003030" # tar
          - "377ABCAF271C" # 7z
          - "314159265359" # bz2
          - "53514c69746520666f726d6174203300" # SQLite format 3.
--- a/http/exposures/files/apache-licenserc.yaml
+++ b/http/exposures/files/apache-licenserc.yaml
@ -4,6 +4,7 @@ info:
  name: Apache License File
  author: DhiyaneshDk
  severity: low
  description: Apache License file is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/apdisk-disclosure.yaml
+++ b/http/exposures/files/apdisk-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Apdisk - File Disclosure
  author: DhiyaneshDk
  severity: low
  description: Apdisk internal file is exposed.
  reference:
    - https://discussions.apple.com/thread/250354761
  metadata:
--- a/http/exposures/files/auth-json.yaml
+++ b/http/exposures/files/auth-json.yaml
@ -4,6 +4,7 @@ info:
  name: Auth.json File - Disclosure
  author: DhiyaneshDk
  severity: high
  description: auth.json file is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/azure-pipelines-exposed.yaml
+++ b/http/exposures/files/azure-pipelines-exposed.yaml
@ -4,6 +4,7 @@ info:
  name: Azure Pipelines Configuration File Disclosure
  author: DhiyaneshDk
  severity: medium
  description: Azure Pipelines internal critical file is disclosed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/azuredeploy-json.yaml
+++ b/http/exposures/files/azuredeploy-json.yaml
@ -4,6 +4,7 @@ info:
  name: Azure Resource Manager Template - File Exposure
  author: DhiyaneshDk
  severity: medium
  description: Azure Resource Manager deploy file is disclosed.
  reference:
    - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/parameter-files
    - https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-use-template-reference?tabs=CLI
--- a/http/exposures/files/cloud-config.yaml
+++ b/http/exposures/files/cloud-config.yaml
@ -4,6 +4,7 @@ info:
  name: Cloud Config File Exposure
  author: DhiyaneshDK,Hardik-Solanki
  severity: medium
  description: Cloud Config file is exposed.
  reference: https://www.exploit-db.com/ghdb/7959
  metadata:
    verified: true
--- a/http/exposures/files/cold-fusion-cfcache-map.yaml
+++ b/http/exposures/files/cold-fusion-cfcache-map.yaml
@ -4,6 +4,7 @@ info:
  name: Discover Cold Fusion cfcache.map Files
  author: geeknik
  severity: low
  description: Adobe Cold Fusion cfcache.map file is exposed.
  reference:
    - https://securiteam.com/windowsntfocus/5bp081f0ac/
  metadata:
--- a/http/exposures/files/composer-auth-json.yaml
+++ b/http/exposures/files/composer-auth-json.yaml
@ -4,6 +4,7 @@ info:
  name: Composer-auth Json File Disclosure
  author: DhiyaneshDK
  severity: low
  description: Composer Auth Josn file is disclosed.
  reference: https://www.exploit-db.com/ghdb/5768
  metadata:
    verified: true
--- a/http/exposures/files/core-dump.yaml
+++ b/http/exposures/files/core-dump.yaml
@ -4,6 +4,7 @@ info:
  name: Exposed Core Dump - File Disclosure
  author: kazet
  severity: medium
  description: Exposed Core Dump internal file is disclosed.
  reference:
    - https://github.com/hannob/snallygaster/blob/4c5a9b54501f64da96787c2a2e3a12ce2e09c1ab/snallygaster#L295
  metadata:
--- a/http/exposures/files/credentials-json.yaml
+++ b/http/exposures/files/credentials-json.yaml
@ -4,6 +4,7 @@ info:
  name: Credentials File Disclosure
  author: ritikchaddha
  severity: medium
  description: Internal secret file is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/database-credentials.yaml
+++ b/http/exposures/files/database-credentials.yaml
@ -4,6 +4,7 @@ info:
  name: Database Credentials File Exposure
  author: Hardik-Solanki,geeknik
  severity: low
  description: Internal file exposed containing database credentials.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
  metadata:
--- a/http/exposures/files/docker-cloud.yaml
+++ b/http/exposures/files/docker-cloud.yaml
@ -4,6 +4,7 @@ info:
  name: Docker Cloud Yaml - File Disclosure
  author: DhiyaneshDK
  severity: medium
  description: Docker cloud internal yaml file is exposed.
  reference: https://www.exploit-db.com/ghdb/7959
  metadata:
    verified: true
--- a/http/exposures/files/domcfg-page.yaml
+++ b/http/exposures/files/domcfg-page.yaml
@ -4,6 +4,7 @@ info:
  name: Lotus Domino Configuration Page
  author: gevakun
  severity: low
  description: Lotus Domino configuration file is exposed.
  reference:
    - https://twitter.com/Wh11teW0lf/status/1295594085445709824
  metadata:
--- a/http/exposures/files/drupal-install.yaml
+++ b/http/exposures/files/drupal-install.yaml
@ -4,6 +4,7 @@ info:
  name: Drupal Install
  author: NkxxkN
  severity: low
  description: Drupal Install panel exposed.
  metadata:
    max-request: 2
    shodan-query: http.component:"drupal"
--- a/http/exposures/files/environment-rb.yaml
+++ b/http/exposures/files/environment-rb.yaml
@ -4,6 +4,7 @@ info:
  name: Environment Ruby File Disclosure
  author: DhiyaneshDK
  severity: medium
  description: Ruby environment file is exposed.
  metadata:
    verified: true
    max-request: 3
--- a/http/exposures/files/exposed-alps-spring.yaml
+++ b/http/exposures/files/exposed-alps-spring.yaml
@ -4,6 +4,7 @@ info:
  name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
  author: dwisiswant0
  severity: medium
  description: Exposed Spring Data profile semantics is exposed.
  reference:
    - https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
  metadata:
--- a/http/exposures/files/filezilla.yaml
+++ b/http/exposures/files/filezilla.yaml
@ -4,6 +4,7 @@ info:
  name: Filezilla
  author: amsda
  severity: medium
  description: Filezilla internal file is exposed.
  metadata:
    max-request: 3
  tags: exposure,files
--- a/http/exposures/files/gcloud-access-token.yaml
+++ b/http/exposures/files/gcloud-access-token.yaml
@ -4,6 +4,7 @@ info:
  name: Google Cloud Access Token
  author: DhiyaneshDK
  severity: medium
  description: Internal Google Cloud access tokens are exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/gcloud-credentials.yaml
+++ b/http/exposures/files/gcloud-credentials.yaml
@ -4,6 +4,7 @@ info:
  name: Google Cloud Credentials
  author: DhiyaneshDK
  severity: medium
  description: Google Cloud Crdentials file is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/get-access-token-json.yaml
+++ b/http/exposures/files/get-access-token-json.yaml
@ -4,6 +4,7 @@ info:
  name: Get Access Token Json
  author: DhiyaneshDK
  severity: low
  description: Internal file is exposed in Constant Contact Forms wordpress plugin.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/git-mailmap.yaml
+++ b/http/exposures/files/git-mailmap.yaml
@ -4,6 +4,7 @@ info:
  name: Git Mailmap File Disclosure
  author: geeknik,DhiyaneshDK
  severity: low
  description: Git Mailmap file is exposed.
  reference: https://man7.org/linux/man-pages/man5/gitmailmap.5.html
  metadata:
    verified: true
--- a/http/exposures/files/go-mod-disclosure.yaml
+++ b/http/exposures/files/go-mod-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Go.mod Disclosure
  author: DhiyaneshDk
  severity: low
  description: go.mod internal file is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/google-api-private-key.yaml
+++ b/http/exposures/files/google-api-private-key.yaml
@ -4,6 +4,7 @@ info:
  name: Google Api Private Key
  author: DhiyaneshDK
  severity: medium
  description: Google API private keys are exposed in files.
  reference: https://www.exploit-db.com/ghdb/6037
  metadata:
    verified: true
--- a/http/exposures/files/google-services-json.yaml
+++ b/http/exposures/files/google-services-json.yaml
@ -4,6 +4,7 @@ info:
  name: Google Service Json
  author: DhiyaneshDK
  severity: low
  description: google-services.json internal file is exposed.
  reference: https://www.exploit-db.com/ghdb/6886
  metadata:
    verified: true
--- a/http/exposures/files/iceflow-vpn-disclosure.yaml
+++ b/http/exposures/files/iceflow-vpn-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: ICEFlow VPN Disclosure
  author: pikpikcu
  severity: low
  description: ICEFlow VPN internal log file is exposed.
  metadata:
    max-request: 8
  tags: exposure,files,iceflow,logs
--- a/http/exposures/files/jsapi-ticket-json.yaml
+++ b/http/exposures/files/jsapi-ticket-json.yaml
@ -4,6 +4,7 @@ info:
  name: JsAPI Ticket Json
  author: DhiyaneshDK
  severity: low
  description: JsAPI Ticket internal file is exposed.
  reference: https://www.exploit-db.com/ghdb/6070
  metadata:
    verified: true
--- a/http/exposures/files/kubernetes-etcd-keys.yaml
+++ b/http/exposures/files/kubernetes-etcd-keys.yaml
@ -4,6 +4,7 @@ info:
  name: Kubernetes etcd Keys - Exposure
  author: Hardik-Solanki
  severity: medium
  description: Kubernetes private etcd keys are exposed.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
  metadata:
--- a/http/exposures/files/lazy-file.yaml
+++ b/http/exposures/files/lazy-file.yaml
@ -4,6 +4,7 @@ info:
  name: Lazy File Manager
  author: amsda
  severity: medium
  description: lfm.php file in exposed in Lazy File Manager.
  metadata:
    max-request: 1
  tags: exposure
--- a/http/exposures/files/npm-cli-metrics-json.yaml
+++ b/http/exposures/files/npm-cli-metrics-json.yaml
@ -4,6 +4,7 @@ info:
  name: NPM Anonymous CLI Metrics Json
  author: DhiyaneshDK
  severity: low
  description: anonymous-cli-metrics.json internal file in NPM is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/oauth-credentials-json.yaml
+++ b/http/exposures/files/oauth-credentials-json.yaml
@ -4,6 +4,7 @@ info:
  name: Oauth Credentials Json
  author: DhiyaneshDK
  severity: low
  description: Oauth Credentials file is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/openstack-user-secrets.yaml
+++ b/http/exposures/files/openstack-user-secrets.yaml
@ -4,6 +4,7 @@ info:
  name: OpenStack User Secrets Exposure
  author: geeknik
  severity: high
  description: Internal user_secrets.yml file is exposed in OpenStack.
  reference:
    - https://docs.openstack.org/project-deploy-guide/openstack-ansible/stein/configure.html
  metadata:
--- a/http/exposures/files/php-cs-cache.yaml
+++ b/http/exposures/files/php-cs-cache.yaml
@ -4,6 +4,7 @@ info:
  name: PHP-CS-Fixer Cache - File Disclosure
  author: DhiyaneshDk
  severity: medium
  description: PHP CS fixer cache internal file is disclosed.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/php-cs-fixer-cache-file-publicly-accessible-php_cs-cache/
  metadata:
--- a/http/exposures/files/php-ini.yaml
+++ b/http/exposures/files/php-ini.yaml
@ -4,6 +4,7 @@ info:
  name: Php.ini File Disclosure
  author: geeknik,DhiyaneshDK
  severity: low
  description: php.ini file is exposed.
  reference: https://www.php.net/manual/en/configuration.file.php
  metadata:
    verified: true
--- a/http/exposures/files/php-user-ini-disclosure.yaml
+++ b/http/exposures/files/php-user-ini-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Php User.ini Disclosure
  author: dhiyaneshDk
  severity: medium
  description: PHP user.ini file is exposed.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/php-user-ini-disclosure.json
  metadata:
--- a/http/exposures/files/phpunit-result-cache-exposure.yaml
+++ b/http/exposures/files/phpunit-result-cache-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: PHPUnit Result Cache File Exposure
  author: DhiyaneshDk
  severity: low
  description: PHPUnit cache file is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/putty-private-key-disclosure.yaml
+++ b/http/exposures/files/putty-private-key-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Putty Private Key Disclosure
  author: DhiyaneshDk,geeknik
  severity: medium
  description: Putty internal user key file is exposed.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/putty-private-key-disclosure.json
  metadata:
--- a/http/exposures/files/rails-secret-token-disclosure.yaml
+++ b/http/exposures/files/rails-secret-token-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Ruby on Rails Secret Token Disclosure
  author: dhiyaneshDk
  severity: medium
  description: Ruby on Rals Secret Token file is exposed.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json
  metadata:
--- a/http/exposures/files/ruby-rail-storage.yaml
+++ b/http/exposures/files/ruby-rail-storage.yaml
@ -4,6 +4,7 @@ info:
  name: Ruby on Rails storage.yml File Disclosure
  author: DhiyaneshDK
  severity: low
  description: Ruby on Rails storage.yml file is disclosed.
  metadata:
    verified: true
    max-request: 4
--- a/http/exposures/files/secret-token-rb.yaml
+++ b/http/exposures/files/secret-token-rb.yaml
@ -4,6 +4,7 @@ info:
  name: Secret Token Ruby - File Disclosure
  author: DhiyaneshDK
  severity: medium
  description: Ruby Secret token is exposed.
  metadata:
    verified: true
    max-request: 3
--- a/http/exposures/files/secrets-file.yaml
+++ b/http/exposures/files/secrets-file.yaml
@ -4,6 +4,7 @@ info:
  name: Ruby on Rails secrets.yml File Exposure
  author: DhiyaneshDK
  severity: high
  description: Ruby on Rails internal secret file is exposed.
  reference: https://www.exploit-db.com/ghdb/6283
  metadata:
    verified: true
--- a/http/exposures/files/sendgrid-env.yaml
+++ b/http/exposures/files/sendgrid-env.yaml
@ -4,6 +4,7 @@ info:
  name: SendGrid Env File Exposure
  author: DhiyaneshDk
  severity: medium
  description: SendGrid file is exposed containing environment variables.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/service-account-credentials.yaml
+++ b/http/exposures/files/service-account-credentials.yaml
@ -4,6 +4,7 @@ info:
  name: Service Account Credentials File Disclosure
  author: ritikchaddha
  severity: medium
  description: Service Account Credentials internal file is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/shellscripts.yaml
+++ b/http/exposures/files/shellscripts.yaml
@ -4,6 +4,7 @@ info:
  name: Public shellscripts
  author: panch0r3d
  severity: low
  description: This template checks exposure of bash scripts.
  metadata:
    max-request: 23
  tags: bash,exposure,files
--- a/http/exposures/files/svn-wc-db.yaml
+++ b/http/exposures/files/svn-wc-db.yaml
@ -4,6 +4,7 @@ info:
  name: SVN wc.db File Exposure
  author: Hardik-Solanki,R12W4N
  severity: medium
  description: SVN wc.db file is exposed.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
    - https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/svn_wcdb_scanner.rb
--- a/http/exposures/files/token-json.yaml
+++ b/http/exposures/files/token-json.yaml
@ -4,6 +4,7 @@ info:
  name: Token Json File Disclosure
  author: DhiyaneshDK
  severity: low
  description: Internal token.json file is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/exposures/files/vagrantfile-exposure.yaml
+++ b/http/exposures/files/vagrantfile-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: Vagrantfile Exposure
  author: DhiyaneshDk
  severity: low
  description: Vagrantfile is exposed to external users.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/ws-ftp-ini.yaml
+++ b/http/exposures/files/ws-ftp-ini.yaml
@ -4,6 +4,7 @@ info:
  name: WS FTP File Disclosure
  author: DhiyaneshDK
  severity: low
  description: WS FTP file is disclosed.
  metadata:
    verified: true
    max-request: 1
--- a/http/exposures/files/xampp-environment-variables.yaml
+++ b/http/exposures/files/xampp-environment-variables.yaml
@ -4,6 +4,7 @@ info:
  name: XAMPP Environment Variables Exposure
  author: melbadry9,DhiyaneshDK
  severity: low
  description: printenv.pl file is exposed in XAMPP leaking environment variables.
  metadata:
    max-request: 1
  tags: exposure,xampp,files
--- a/http/exposures/logs/npm-log-file.yaml
+++ b/http/exposures/logs/npm-log-file.yaml
@ -4,6 +4,7 @@ info:
  name: Publicly accessible NPM Log file
  author: sheikhrishad,DhiyaneshDk
  severity: low
  description: NPM log file is exposed to external users.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
  metadata:
--- a/http/exposures/tokens/google/fcm-server-key.yaml
+++ b/http/exposures/tokens/google/fcm-server-key.yaml
@ -4,6 +4,7 @@ info:
  name: FCM Server Key
  author: absshax
  severity: high
  description: FCM Server Key is leaked.
  reference:
    - https://abss.me/posts/fcm-takeover
  metadata:
--- a/http/exposures/tokens/loqate/loqate-api-key.yaml
+++ b/http/exposures/tokens/loqate/loqate-api-key.yaml
@ -4,6 +4,7 @@ info:
  name: Loqate API Key
  author: realexp3rt
  severity: low
  description: Loqate API Key is leaked.
  reference:
    - https://www.loqate.com/en-gb/home/
  metadata:
--- a/http/exposures/tokens/mapbox/mapbox-token-disclosure.yaml
+++ b/http/exposures/tokens/mapbox/mapbox-token-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Mapbox Token Disclosure
  author: Devang-Solanki
  severity: medium
  description: Mapbox secret token is exposed to external users.
  reference:
    - https://docs.gitguardian.com/secrets-detection/detectors/specifics/mapbox_token
    - https://github.com/zricethezav/gitleaks/blob/master/cmd/generate/config/rules/mapbox.go
--- a/http/exposures/tokens/razorpay/razorpay-clientid-disclosure.yaml
+++ b/http/exposures/tokens/razorpay/razorpay-clientid-disclosure.yaml
@ -4,6 +4,7 @@ info:
  name: Razorpay Client ID Disclosure
  author: Devang-Solanki
  severity: high
  description: Razorpay Client ID is exposed to external users.
  reference:
    - https://github.com/streaak/keyhacks#Razorpay-keys
    - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey
--- a/http/iot/hp-device-info-detect.yaml
+++ b/http/iot/hp-device-info-detect.yaml
@ -4,6 +4,7 @@ info:
  name: HP Device Info Detection
  author: pussycat0x
  severity: low
  description: Internal info is disclosed to external users in HP Device.
  reference: https://www.exploit-db.com/ghdb/6905
  metadata:
    max-request: 1
--- a/http/misconfiguration/adobe/adobe-connect-username-exposure.yaml
+++ b/http/misconfiguration/adobe/adobe-connect-username-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe Connect Username Exposure
  author: dhiyaneshDk
  severity: low
  description: Adobe Connect Username is exposed.
  reference:
    - https://packetstormsecurity.com/files/161345/Adobe-Connect-10-Username-Disclosure.html
  metadata:
--- a/http/misconfiguration/aem/aem-acs-common.yaml
+++ b/http/misconfiguration/aem/aem-acs-common.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM ACS Common Exposure
  author: dhiyaneshDk
  severity: medium
  description: Adobe AEM ACS Common pages exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-cached-pages.yaml
+++ b/http/misconfiguration/aem/aem-cached-pages.yaml
@ -4,6 +4,7 @@ info:
  name: Invalidate / Flush Cached Pages on AEM
  author: hetroublemakr
  severity: low
  description: Cached Pages on AEM can be Flushed.
  reference:
    - https://twitter.com/AEMSecurity/status/1244965623689609217
  metadata:
--- a/http/misconfiguration/aem/aem-crx-namespace.yaml
+++ b/http/misconfiguration/aem/aem-crx-namespace.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM CRX Namespace Editor Exposure
  author: dhiyaneshDk
  severity: low
  description: Adobe AEM CRX Namespace Editor is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-disk-usage.yaml
+++ b/http/misconfiguration/aem/aem-disk-usage.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Disk Usage Information Disclosure
  author: dhiyaneshDk
  severity: low
  description: Adobe AEM Disk Usage Information is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-dump-contentnode.yaml
+++ b/http/misconfiguration/aem/aem-dump-contentnode.yaml
@ -4,6 +4,7 @@ info:
  name: AEM Dump Content Node Properties
  author: DhiyaneshDK
  severity: medium
  description: Node Properties are exposed in AEM Dump.
  reference:
    - https://www.slideshare.net/0ang3el/hacking-aem-sites
  metadata:
--- a/http/misconfiguration/aem/aem-explorer-nodetypes.yaml
+++ b/http/misconfiguration/aem/aem-explorer-nodetypes.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Explorer NodeTypes Exposure
  author: dhiyaneshDk
  severity: high
  description: Adobe AEM Explorer NodeTypes is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-gql-servlet.yaml
+++ b/http/misconfiguration/aem/aem-gql-servlet.yaml
@ -4,6 +4,7 @@ info:
  name: AEM GQLServlet
  author: dhiyaneshDk,prettyboyaaditya
  severity: low
  description: AEM GQLServlet is exposed.
  reference:
    - https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/reference-materials/javadoc/index.html?org/apache/jackrabbit/commons/query/GQL.html
  metadata:
--- a/http/misconfiguration/aem/aem-hash-querybuilder.yaml
+++ b/http/misconfiguration/aem/aem-hash-querybuilder.yaml
@ -4,6 +4,7 @@ info:
  name: Query hashed password via QueryBuilder Servlet
  author: DhiyaneshDk
  severity: medium
  description: AEM hased password can be queried via QueryBuilder Servlet.
  reference:
    - https://twitter.com/AEMSecurity/status/1372392101829349376
  metadata:
--- a/http/misconfiguration/aem/aem-misc-admin.yaml
+++ b/http/misconfiguration/aem/aem-misc-admin.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Misc Admin Dashboard Exposure
  author: dhiyaneshDk
  severity: high
  description: Adobe AEM Misc Admin Dashboard is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-offloading-browser.yaml
+++ b/http/misconfiguration/aem/aem-offloading-browser.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Offloading Browser
  author: dhiyaneshDk
  severity: medium
  description: Adobe AEM Offloading Browser is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-osgi-bundles.yaml
+++ b/http/misconfiguration/aem/aem-osgi-bundles.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Installed OSGI Bundles
  author: dhiyaneshDk
  severity: low
  description: Adobe AEM Installed OSGI Bundles leaked.
  reference:
    - https://www.slideshare.net/0ang3el/hacking-aem-sites
  metadata:
--- a/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml
+++ b/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml
@ -4,6 +4,7 @@ info:
  name: AEM QueryBuilder Internal Path Read
  author: DhiyaneshDk
  severity: medium
  description: AEM QueryBuilder is vulnerable to LFI.
  reference:
    - https://speakerdeck.com/0ang3el/aem-hacker-approaching-adobe-experience-manager-webapps-in-bug-bounty-programs?slide=91
  metadata:
--- a/http/misconfiguration/aem/aem-security-users.yaml
+++ b/http/misconfiguration/aem/aem-security-users.yaml
@ -4,6 +4,7 @@ info:
  name: Adobe AEM Security Users Exposure
  author: dhiyaneshDk
  severity: medium
  description: Adobe AEM Security Users are exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
--- a/http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml
+++ b/http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml
@ -4,6 +4,7 @@ info:
  name: AEM WCM Suggestions Servlet
  author: DhiyaneshDk
  severity: low
  description: AEM WCM Suggestions Servlet is exposed.
  reference:
    - https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=96
  metadata:
--- a/http/misconfiguration/airflow/airflow-debug.yaml
+++ b/http/misconfiguration/airflow/airflow-debug.yaml
@ -4,6 +4,7 @@ info:
  name: Airflow Debug Trace
  author: pdteam
  severity: low
  description: Airflow Debug Trace enabled.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/airflow/unauthenticated-airflow.yaml
+++ b/http/misconfiguration/airflow/unauthenticated-airflow.yaml
@ -4,6 +4,7 @@ info:
  name: Unauthenticated Airflow Instance
  author: dhiyaneshDK
  severity: high
  description: Airflow Instance is exposed.
  metadata:
    max-request: 2
    shodan-query: title:"Airflow - DAGs"
--- a/http/misconfiguration/ampache-update-exposure.yaml
+++ b/http/misconfiguration/ampache-update-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: Ampache Update Page Exposure
  author: ritikchaddha
  severity: low
  description: Ampache update page is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/android-debug-database-exposed.yaml
+++ b/http/misconfiguration/android-debug-database-exposed.yaml
@ -4,6 +4,7 @@ info:
  name: Android Debug Manager
  author: dhiyaneshDK
  severity: low
  description: Android Debug Manger is exposed.
  metadata:
    max-request: 1
    shodan-query: http.title:"Android Debug Database"
--- a/http/misconfiguration/apache-drill-exposure.yaml
+++ b/http/misconfiguration/apache-drill-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Drill Exposure
  author: DhiyaneshDK
  severity: low
  description: Apache Drill is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/apache-druid-unauth.yaml
+++ b/http/misconfiguration/apache-druid-unauth.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Druid Unauth
  author: DhiyaneshDk
  severity: low
  description: Apache Druid is exposed to external users.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/apache-impala.yaml
+++ b/http/misconfiguration/apache-impala.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Impala - Exposure
  author: DhiyaneshDk
  severity: medium
  description: Apache Impala is exposed.
  reference:
    - https://www.facebook.com/photo/?fbid=627585602745296&set=pcb.627585619411961
  metadata:
--- a/http/misconfiguration/apache-struts-showcase.yaml
+++ b/http/misconfiguration/apache-struts-showcase.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Struts - ShowCase Application Exposure
  author: DhiyaneshDK
  severity: low
  description: Apache Structs ShowCase Application is exposed.
  reference:
    - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/ApacheStrutsWebConsole.java
  metadata:
--- a/http/misconfiguration/apache/apache-couchdb-unauth.yaml
+++ b/http/misconfiguration/apache/apache-couchdb-unauth.yaml
@ -4,6 +4,7 @@ info:
  name: Apache CouchDB - Unauthenticated Access
  author: SleepingBag945
  severity: high
  description: Apache CouchDB is exposed to external users.
  reference:
    - https://github.com/ax1sX/SecurityList/blob/main/Database/CouchDB.md
    - https://github.com/taomujian/linbing/blob/master/python/app/plugins/http/CouchDB/Couchdb_Unauthorized.py
--- a/http/misconfiguration/apache/apache-hbase-unauth.yaml
+++ b/http/misconfiguration/apache/apache-hbase-unauth.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Hbase Unauth
  author: pikpikcu
  severity: medium
  description: Apache Hbase is exposed.
  metadata:
    max-request: 1
  tags: apache,unauth,misconfig
--- a/http/misconfiguration/apache/apache-storm-unauth.yaml
+++ b/http/misconfiguration/apache/apache-storm-unauth.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Storm Unauth
  author: pikpikcu
  severity: medium
  description: Apache Storm instance is exposed.
  reference:
    - https://storm.apache.org/releases/current/STORM-UI-REST-API.html
  metadata:
--- a/http/misconfiguration/apc-info.yaml
+++ b/http/misconfiguration/apc-info.yaml
@ -4,6 +4,7 @@ info:
  name: APCu service information leakage
  author: koti2
  severity: low
  description: APCu service is vulnerable to information leakage.
  metadata:
    max-request: 2
  tags: config,service,apcu,misconfig
--- a/http/misconfiguration/artifactory-anonymous-deploy.yaml
+++ b/http/misconfiguration/artifactory-anonymous-deploy.yaml
@ -4,6 +4,7 @@ info:
  name: Artifactory anonymous deploy
  author: panch0r3d
  severity: high
  description: Artifactory anonymous repo is exposed.
  reference:
    - https://www.errno.fr/artifactory/Attacking_Artifactory.html
  metadata:
--- a/http/misconfiguration/aws/aws-object-listing.yaml
+++ b/http/misconfiguration/aws/aws-object-listing.yaml
@ -4,6 +4,7 @@ info:
  name: AWS bucket with Object listing
  author: pdteam
  severity: low
  description: Object listing is enabled in AWS bucket.
  reference:
    - https://mikey96.medium.com/cloud-based-storage-misconfigurations-critical-bounties-361647f78a29
  metadata:
--- a/http/misconfiguration/bitbucket-public-repository.yaml
+++ b/http/misconfiguration/bitbucket-public-repository.yaml
@ -4,6 +4,7 @@ info:
  name: Atlassian Bitbucket Public Repository Exposure
  author: DhiyaneshDk
  severity: low
  description: Bitbucket Public Repository is exposed.
  metadata:
    verified: true
    max-request: 2
--- a/http/misconfiguration/bravia-signage.yaml
+++ b/http/misconfiguration/bravia-signage.yaml
@ -4,6 +4,7 @@ info:
  name: BRAVIA Signage - Exposure
  author: DhiyaneshDK
  severity: medium
  description: Bravia Signage is exposed.
  reference:
    - https://twitter.com/WhiteOakSec/status/1667197552461004800
    - https://www.whiteoaksecurity.com/blog/sony-bravia-remote-code-execution-disclosure/
--- a/http/misconfiguration/casdoor-users-password.yaml
+++ b/http/misconfiguration/casdoor-users-password.yaml
@ -4,6 +4,7 @@ info:
  name: Casdoor get-users Account Password Disclosure
  author: DhiyaneshDk
  severity: high
  description: Casdoor get-users Account Password is exposed.
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Casbin%20get-users%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md?plain=1
    - https://github.com/qingchenhh/qc_poc/blob/main/Goby/Casbin_get_users.go
--- a/http/misconfiguration/chatgpt-web-unauth.yaml
+++ b/http/misconfiguration/chatgpt-web-unauth.yaml
@ -4,6 +4,7 @@ info:
  name: ChatGPT Web - Unauthorized Access
  author: SleepingBag945
  severity: high
  description: ChatGPT Web is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/clickhouse-unauth-api.yaml
+++ b/http/misconfiguration/clickhouse-unauth-api.yaml
@ -4,6 +4,7 @@ info:
  name: ClickHouse API Database Interface - Improper Authorization
  author: DhiyaneshDk
  severity: high
  description: Clickhouse API Database is exposed.
  reference:
    - https://github.com/luck-ying/Library-POC/blob/master/ClickHouse%E6%95%B0%E6%8D%AE%E5%BA%93/ClickHouse%E6%95%B0%E6%8D%AE%E5%BA%93%208123%E7%AB%AF%E5%8F%A3%E7%9A%84%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.py
    - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/redteam/vulnerability/unauthorized/ClickHouse%208123%E7%AB%AF%E5%8F%A3.md?plain=1
--- a/http/misconfiguration/clockwork-dashboard-exposure.yaml
+++ b/http/misconfiguration/clockwork-dashboard-exposure.yaml
@ -4,6 +4,7 @@ info:
  name: Clockwork Dashboard Exposure
  author: dhiyaneshDk
  severity: high
  description: Clockwork Dashboard is exposed.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/clockwork-dashboard-exposure.json
  metadata:
--- a/http/misconfiguration/cloud-metadata.yaml
+++ b/http/misconfiguration/cloud-metadata.yaml
@ -4,6 +4,7 @@ info:
  name: GCP/AWS Metadata Disclosure
  author: DhiyaneshDk
  severity: low
  description: GCP/AWS Metadata is exposed.
  reference: https://www.facebook.com/ExWareLabs/photos/pcb.5605494709514357/5605493856181109/
  metadata:
    verified: true
--- a/http/misconfiguration/cluster-panel.yaml
+++ b/http/misconfiguration/cluster-panel.yaml
@ -4,6 +4,7 @@ info:
  name: Cluster Overview - Unauthenticated Dashboard Exposure
  author: tess
  severity: medium
  description: Cluster Overview dashboard is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/codeigniter-errorpage.yaml
+++ b/http/misconfiguration/codeigniter-errorpage.yaml
@ -4,6 +4,7 @@ info:
  name: CodeIgniter - Error Page
  author: j4vaovo
  severity: low
  description: CodeIgniter error debug are enabled.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/codemeter-webadmin.yaml
+++ b/http/misconfiguration/codemeter-webadmin.yaml
@ -4,6 +4,7 @@ info:
  name: CodeMeter Webadmin Dashboard
  author: DhiyaneshDk
  severity: low
  description: CodeMeter Webadmin Dashboard is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/codis-dashboard.yaml
+++ b/http/misconfiguration/codis-dashboard.yaml
@ -4,6 +4,7 @@ info:
  name: Codis Dashboard Exposure
  author: tess
  severity: low
  description: Codis Dashboard is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/collectd-exporter-metrics.yaml
+++ b/http/misconfiguration/collectd-exporter-metrics.yaml
@ -4,6 +4,7 @@ info:
  name: Collectd Exporter Metrics
  author: DhiyaneshDk
  severity: low
  description: Collectd Exporter Metrics is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/confluence-dashboard.yaml
+++ b/http/misconfiguration/confluence-dashboard.yaml
@ -4,6 +4,7 @@ info:
  name: Confluence Dashboard Exposed
  author: tess
  severity: low
  description: Confluence Dashboard is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/debug/flask-werkzeug-debug.yaml
+++ b/http/misconfiguration/debug/flask-werkzeug-debug.yaml
@ -4,6 +4,7 @@ info:
  name: Flask Werkzeug Debugger Exposure
  author: DhiyaneshDk
  severity: low
  description: Flask Werkzeug Debugger is exposed.
  metadata:
    verified: true
    max-request: 1
--- a/http/misconfiguration/django-debug-detect.yaml
+++ b/http/misconfiguration/django-debug-detect.yaml
@ -4,6 +4,7 @@ info:
  name: Django Debug Method Enabled
  author: dhiyaneshDK,hackergautam
  severity: medium
  description: Django Debug Method is enabled.
  metadata:
    max-request: 1
  tags: django,debug,misconfig
--- a/Show More
+++ b/Show More