Update rails-database-config.yaml

False positive reduction. 12 matches out of 2 million hosts and they all showed a content-type of `application/octet-stream`.
2021-06-05 12:50:49 +00:00 · 2021-06-05 12:50:49 +00:00 · f01abd3e6d
parent ba0d092d4d
commit f01abd3e6d
1 changed files with 8 additions and 2 deletions
--- a/exposures/configs/rails-database-config.yaml
+++ b/exposures/configs/rails-database-config.yaml
@ -2,7 +2,7 @@ id: rails-database-config

 info:
  name: Ruby-on-Rails Database Configuration Exposure
-  author: pdteam
+  author: pdteam & geeknik
  severity: low
  tags: config,exposure

@ -10,10 +10,16 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}/config/database.yml"
+
+    matchers-condition: and
    matchers:
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
      - type: word
        words:
          - "adapter:"
          - "database:"
        condition: and
-        part: body
+        part: body