id: wadl-files

info:
  name: wadl file disclosure
  author: 0xrudra & manuelbua
  severity: info

  # References:
  # - https://github.com/dwisiswant0/wadl-dumper
  # - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/

requests:
  - method: GET
    path:
      - "{{BaseURL}}/application.wadl"
      - "{{BaseURL}}/application.wadl?detail=true"
      - "{{BaseURL}}/api/application.wadl"
      - "{{BaseURL}}/api/v1/application.wadl"
      - "{{BaseURL}}/api/v2/application.wadl"
    matchers:
      - name: http-get
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "\"http://jersey.java.net/\""
          - "http://wadl.dev.java.net/2009/02"
        condition: or
        part: body
  - method: OPTIONS
    path:
      - "{{BaseURL}}/"
      - "{{BaseURL}}/api/v1"
      - "{{BaseURL}}/api/v2"
    matchers:
      - name: http-options
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "\"http://jersey.java.net/\""
          - "http://wadl.dev.java.net/2009/02"
        condition: or
        part: body