id: magento-config info: name: Magento Config Disclosure author: geeknik severity: medium requests: - method: GET path: - "{{BaseURL}}/app/etc/local.xml" - "{{BaseURL}}/store/app/etc/local.xml" matchers-condition: and matchers: - type: status status: 200 - type: word part: header words: - "text/xml" - type: word part: body words: - "Magento"