From 22d4cfb5ce906a733996bd0f224a87f2988761b2 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 1 Jan 2021 22:19:42 +0530 Subject: [PATCH 1/8] ASP.NET Debug Method Enabled --- security-misconfiguration/asp.net-debug.yaml | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 security-misconfiguration/asp.net-debug.yaml diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/asp.net-debug.yaml new file mode 100644 index 0000000000..71e772b9df --- /dev/null +++ b/security-misconfiguration/asp.net-debug.yaml @@ -0,0 +1,31 @@ +id: asp.net-debug.yaml + +info: + name: ASP.NET Debugging Enabled + author: dhiyaneshDk + severity: info + reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled + + # https://cwe.mitre.org/data/definitions/11.html + +requests: + - raw: + - | + DEBUG / HTTP/1.1 + Host: {{Hostname}} + Command: stop-debug + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Content-Length: 2 + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'OK' + part: body + From 6898b7541ebe7a88c33875dc2cbb9e1a45eb2bc5 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 1 Jan 2021 22:29:06 +0530 Subject: [PATCH 2/8] Delete asp.net-debug.yaml --- security-misconfiguration/asp.net-debug.yaml | 31 -------------------- 1 file changed, 31 deletions(-) delete mode 100644 security-misconfiguration/asp.net-debug.yaml diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/asp.net-debug.yaml deleted file mode 100644 index 71e772b9df..0000000000 --- a/security-misconfiguration/asp.net-debug.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: asp.net-debug.yaml - -info: - name: ASP.NET Debugging Enabled - author: dhiyaneshDk - severity: info - reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled - - # https://cwe.mitre.org/data/definitions/11.html - -requests: - - raw: - - | - DEBUG / HTTP/1.1 - Host: {{Hostname}} - Command: stop-debug - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Content-Length: 2 - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'OK' - part: body - From 9f7e063d082adf5456e62ff2291f630fc5794895 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 1 Jan 2021 22:29:30 +0530 Subject: [PATCH 3/8] ASP.NET Debugging Enabled --- security-misconfiguration/asp.net-debug.yaml | 30 ++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 security-misconfiguration/asp.net-debug.yaml diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/asp.net-debug.yaml new file mode 100644 index 0000000000..41080b5620 --- /dev/null +++ b/security-misconfiguration/asp.net-debug.yaml @@ -0,0 +1,30 @@ +id: asp.net-debug.yaml + +info: + name: ASP.NET Debugging Enabled + author: dhiyaneshDk + severity: info + reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled + + # https://cwe.mitre.org/data/definitions/11.html + +requests: + - raw: + - | + DEBUG / HTTP/1.1 + Host: {{Hostname}} + Command: stop-debug + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Content-Length: 2 + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'OK' + part: body From 15302299af2e808b80cdb3e917e124172044c4e9 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 1 Jan 2021 22:37:18 +0530 Subject: [PATCH 4/8] Update asp.net-debug.yaml --- security-misconfiguration/asp.net-debug.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/asp.net-debug.yaml index 41080b5620..4adb689cf3 100644 --- a/security-misconfiguration/asp.net-debug.yaml +++ b/security-misconfiguration/asp.net-debug.yaml @@ -6,11 +6,11 @@ info: severity: info reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled - # https://cwe.mitre.org/data/definitions/11.html +# https://cwe.mitre.org/data/definitions/11.html requests: - - raw: - - | + - raw: + - | DEBUG / HTTP/1.1 Host: {{Hostname}} Command: stop-debug From 1e9cd5086309afbd90ff825caa09f26a60ca8e59 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 1 Jan 2021 23:57:50 +0530 Subject: [PATCH 6/8] Update asp.net-debug.yaml --- security-misconfiguration/asp.net-debug.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/asp.net-debug.yaml index 4adb689cf3..f592762a8c 100644 --- a/security-misconfiguration/asp.net-debug.yaml +++ b/security-misconfiguration/asp.net-debug.yaml @@ -1,16 +1,16 @@ -id: asp.net-debug.yaml +id: asp.net-debug info: name: ASP.NET Debugging Enabled author: dhiyaneshDk severity: info - reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled -# https://cwe.mitre.org/data/definitions/11.html + # References: + # - https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled requests: - raw: - - | + - | DEBUG / HTTP/1.1 Host: {{Hostname}} Command: stop-debug From aecd879ab3ddea9a50d92846c34f0bb72ae8ae95 Mon Sep 17 00:00:00 2001 From: team-projectdiscovery <8293321+bauthard@users.noreply.github.com> Date: Sat, 2 Jan 2021 09:35:29 +0530 Subject: [PATCH 7/8] updating matcers (WIP) --- .../{asp.net-debug.yaml => aspx-debug-mode.yaml} | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) rename security-misconfiguration/{asp.net-debug.yaml => aspx-debug-mode.yaml} (71%) diff --git a/security-misconfiguration/asp.net-debug.yaml b/security-misconfiguration/aspx-debug-mode.yaml similarity index 71% rename from security-misconfiguration/asp.net-debug.yaml rename to security-misconfiguration/aspx-debug-mode.yaml index f592762a8c..cd8b389d2e 100644 --- a/security-misconfiguration/asp.net-debug.yaml +++ b/security-misconfiguration/aspx-debug-mode.yaml @@ -1,17 +1,15 @@ -id: asp.net-debug +id: aspx-debug-mode info: name: ASP.NET Debugging Enabled author: dhiyaneshDk severity: info - - # References: - # - https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled + reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled requests: - raw: - | - DEBUG / HTTP/1.1 + DEBUG /Foobar-debug.aspx HTTP/1.1 Host: {{Hostname}} Command: stop-debug User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 @@ -28,3 +26,7 @@ requests: words: - 'OK' part: body + - type: word + words: + - 'Microsoft' + part: header \ No newline at end of file From b4129fe06bf430a67eff5abeccf8132dbd0ff81e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 2 Jan 2021 11:44:28 +0530 Subject: [PATCH 8/8] Update aspx-debug-mode.yaml --- security-misconfiguration/aspx-debug-mode.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-misconfiguration/aspx-debug-mode.yaml b/security-misconfiguration/aspx-debug-mode.yaml index cd8b389d2e..1f9220e853 100644 --- a/security-misconfiguration/aspx-debug-mode.yaml +++ b/security-misconfiguration/aspx-debug-mode.yaml @@ -28,5 +28,5 @@ requests: part: body - type: word words: - - 'Microsoft' - part: header \ No newline at end of file + - 'Content-Length: 2' + part: header