Merge pull request #1237 from xElkomy/0

Create varnish-cache.yaml

misconfiguration/unautneicated-cache-purge.yaml

@@ -0,0 +1,27 @@
+id: unauthenticated-cache-purge
+info:
+  name: Varnish Unauthenticated Cache Purge
+  author: 0xelkomy
+  severity: low
+  description: As per guideline oen should protect purges with ACLs from unauthorized hosts.
+  reference: https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
+  hackerone: https://hackerone.com/reports/154278
+  tags: varnish,misconfig,cache
+
+requests:
+  - method: PURGE
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>200 Purged</title>'
+          - '"status": "ok"'
+        condition: or
+
+      - type: status
+        status:
+          - 200