Merge pull request #10194 from projectdiscovery/laragon-phpinfo

Create laragon-phpinfo.yaml
2024-07-09 14:20:06 +05:30 · 2024-07-09 14:20:06 +05:30 · d0f889bd15
parent 9629031d75 5de7c39274
commit d0f889bd15
1 changed files with 37 additions and 0 deletions
--- a/http/misconfiguration/laragon-phpinfo.yaml
+++ b/http/misconfiguration/laragon-phpinfo.yaml
@ -0,0 +1,37 @@
+id: laragon-phpinfo
+
+info:
+  name: Laragon - phpinfo Disclosure
+  author: DhiyaneshDk
+  severity: low
+  description: |
+    Laragon phpinfo file was exposed.
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: html:"Laragon" html:"phpinfo"
+  tags: laragon,exposure,misconfig
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?q=info"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - '>PHP Version <\/td><td class="v">([0-9.]+)'
+        part: body