Update and rename htdeployment.yaml to ht-deployment.yaml

patch-1
Dhiyaneshwaran 2024-04-17 17:54:00 +05:30 committed by GitHub
parent 6ed631f48f
commit aea53a5dc3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 4 deletions


@ -1,10 +1,11 @@
id: htdeployment
id: ht-deployment
info:
name: .htdeployment - files tree cache file
author: Michal Mikolas (nanuqcz)
name: .htdeployment - Files Tree Cache File
author: Michal-Mikolas
severity: medium
description: FTP Deployment cache file that contains whole files structure with paths to potentially sensitive files.
description: |
FTP Deployment cache file that contains whole files structure with paths to potentially sensitive files.
remediation: Block access to the file using `.htaccess` on the server. The best-practise is to block all the folders/files beginning with `.` except `.well-known` folder.
reference:
- https://github.com/dg/ftp-deployment/tree/master
@ -16,6 +17,7 @@ info:
verified: true
vendor: dg
product: ftp-deployment
max-request: 2
tags: files,exposure,php,deployment,cache
http:
@ -30,6 +32,8 @@ http:
part: body
words:
- "[config]"
- "1F 8B"
condition: or
- type: word
part: header
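Review bot: The `"1F 8B"` entry added to the body `words` list in the last hunk is compared as the five literal characters `1F 8B`, not as the gzip magic bytes 0x1F 0x8B. If it is meant to recognise a gzip-compressed `.htdeployment`, the matcher would presumably never fire on one, and those exposures would go unreported. Nuclei's `type: binary` matcher takes the signature as hex (`binary:` with `- "1f8b"`); how that combines with the `[config]` word depends on the `matchers-condition`, which lies outside the visible hunk. If the literal text really is intended, a comment such as `# literal text, not the gzip magic bytes` on that line would record it. A two-byte signature is weak evidence alone, so it should stay paired with the header matcher that follows.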