id: elfinder-version

info:
  name: elFinder version extractor
  author: idealphase
  severity: info
  description: elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary
    code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
  reference:
    - https://github.com/Studio-42/elFinder/
  tags: tech,elfinder,oss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/js/elfinder.min.js"
      - "{{BaseURL}}/js/elFinder.version.js"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "elFinder - file manager for web"
          - "elFinder.prototype.version ="
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - '\* Version (.+) \('
          - "elFinder.prototype.version = '([0-9.]+)';"