id: apache-filename-enum

info:
  name: Apache Filename Enumeration
  author: geeknik
  severity: low
  description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing.
  reference:
    - https://hackerone.com/reports/210238
    - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
  metadata:
    max-request: 1
  tags: apache,misconfig,hackerone

http:
  - method: GET

    headers:
      Accept: "fake/value"
    path:
      - "{{BaseURL}}/index"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 406

      - type: word
        words:
          - "Not Acceptable"
          - "Available variants:"
          - "<address>Apache Server at"
        condition: and

# digest: 4b0a00483046022100b2ca66ab92aee03e5a60e28447ab4144da2ca1be69f322812581c250fac52b33022100f17850ca1f575b1427d7732e20795fb329445f7a3d7b68a8626a565502fa78a2:922c64590222798bb761d5b6d8e72950