id: apache-filename-brute-force
info:
  name: Apache Filename Brute Force
  author: geeknik
  description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing.
  reference: |
    - https://hackerone.com/reports/210238
    - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
  severity: low
  tags: apache

requests:
  - method: GET
    headers:
      Accept: "fake/value"
    path:
      - "{{BaseURL}}/index"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 406
      - type: word
        words:
          - "Not Acceptable"
          - "Available variants:"
          - "<address>Apache Server at"
        condition: and