commit
f93276bfcd
|
@ -0,0 +1,27 @@
|
|||
id: snoop-servlet
|
||||
|
||||
info:
|
||||
name: Snoop Servlet - Information Disclosure
|
||||
author: omranisecurity
|
||||
severity: low
|
||||
description: |
|
||||
The Snoop Servlet returns information about the HTTP request itself and sometimes. It could help an attacker to prepare more advanced attacks.
|
||||
reference:
|
||||
- https://www.acunetix.com/vulnerabilities/\web/snoop-servlet-information-disclosure/
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: title:"Snoop Servlet"
|
||||
fofa-query: title="Snoop Servlet"
|
||||
tags: config,exposure,snoop,snoop-servlet
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/snoop"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 200'
|
||||
- 'contains(body, "Snoop Servlet - Request/Client Information")'
|
||||
condition: and
|
Loading…
Reference in New Issue