id: zend-config-file info: name: Zend Configuration File author: pdteam,geeknik,Akokonunes severity: high tags: config,exposure,zend,php requests: - method: GET path: - "{{BaseURL}}/application/configs/application.ini" - "{{BaseURL}}/admin/configs/application.ini" - "{{BaseURL}}/application.ini" - "{{BaseURL}}/aplicacao/application/configs/application.ini" - "{{BaseURL}}/cloudexp/application/configs/application.ini" - "{{BaseURL}}/cms/application/configs/application.ini" - "{{BaseURL}}/moto/application/configs/application.ini" - "{{BaseURL}}/Partners/application/configs/application.ini" - "{{BaseURL}}/radio/application/configs/application.ini" - "{{BaseURL}}/seminovos/application/configs/application.ini" - "{{BaseURL}}/shop/application/configs/application.ini" - "{{BaseURL}}/site_cg/application/configs/application.ini" - "{{BaseURL}}/slr/application/configs/application.ini" stop-at-first-match: true matchers-condition: and matchers: - type: regex regex: - "db.*(.password).*=" - "db.*(.username).*=" condition: and - type: word words: - "text/plain" part: header - type: status status: - 200