id: magento-config info: name: Magento Config Disclosure author: geeknik severity: medium tags: config,exposure requests: - method: GET path: - "{{BaseURL}}/app/etc/local.xml" - "{{BaseURL}}/store/app/etc/local.xml" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "text/xml" part: header - type: word words: - "Magento" part: body