id: oauth-credentials-json

info:
  name: Oauth Credentials Json
  author: DhiyaneshDK
  severity: low
  description: Oauth Credentials file is exposed.
  metadata:
    verified: true
    max-request: 1
    google-query: intitle:"index of" "oauth-credentials.json"
  tags: exposure,oauth,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/oauth-credentials.json"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"client_id":'
          - '"client_secret":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022041fc17cca59bbef4e3e31421d2799cb3d2704b8725e1c2a056d958208acf955e022100a4e616ee9577789c9529c5ee8623bd5c7d6675323e9953a7fcc5c187da946f8b:922c64590222798bb761d5b6d8e72950