id: sensitive-storage-data-expose info: name: Sensitive Storage Data Exposed author: pussycat0x severity: medium description: Searches for sensitive keys file,logs,debugbar,app. reference: https://www.exploit-db.com/ghdb/6304 tags: expose,listing,config,logs requests: - method: GET path: - "{{BaseURL}}/storage/" - "{{BaseURL}}/api_smartapp/storage/" - "{{BaseURL}}/equipbid/storage/" - "{{BaseURL}}/server/storage/" - "{{BaseURL}}/intikal/storage/" - "{{BaseURL}}/elocker_old/storage/" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Index of" - "oauth-private.key" - "oauth-private.key" condition: and - type: status status: - 200