id: roundcube-log-disclosure info: name: Roundcube Log Disclosure author: dhiyaneshDk severity: low reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json tags: exposure,logs requests: - method: GET path: - "{{BaseURL}}/roundcube/logs/sendmail" - "{{BaseURL}}/roundcube/logs/errors.log" matchers-condition: and matchers: - type: word words: - "IMAP Error:" part: body - type: status status: - 200