id: ioncube-loader-wizard

info:
  name: Ioncube Loader Wizard disclosure
  author: Mubassirpatel
  severity: medium
  description: ioncube-loader-wizard is vulnerable to xss,phpinfo, etc.
  reference: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/
  tags: ioncube,disclosure,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ioncube/loader-wizard.php"
      - "{{BaseURL}}/loader-wizard.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ionCube Loader Wizard"
        part: body

      - type: status
        status:
          - 200