id: redmine-config info: name: Redmine Configuration File - Detect author: DhiyaneshDK severity: high description: Redmine configuration file was detected. reference: - https://www.exploit-db.com/ghdb/5803 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 metadata: max-request: 3 verified: true google-query: intitle:"index of" configuration.yml tags: exposure,redmine,devops,edb,files http: - method: GET path: - "{{BaseURL}}/configuration.yml" - "{{BaseURL}}/config/configuration.yml" - "{{BaseURL}}/redmine/config/configuration.yml" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "user_name" - "password" - "Redmine" condition: and - type: word part: header words: - "application/json" - "text/html" negative: true condition: and - type: status status: - 200 # Enhanced by md on 2023/03/07