id: jetbrains-webservers info: name: Jetbrains WebServers File Exposure author: geeknik severity: info description: | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords. reference: - https://www.exploit-db.com/ghdb/6648 metadata: verified: true google-query: intitle:"index of" "WebServers.xml" tags: jetbrains,config,edb requests: - method: GET path: - "{{BaseURL}}/.idea/WebServers.xml" - "{{BaseURL}}/.idea/webServers.xml" - "{{BaseURL}}/.idea/webservers.xml" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "" condition: and - type: word part: header words: - "application/xml" - "text/xml" condition: or - type: status status: - 200