id: filezilla-exposed

info:
  name: Filezilla
  author: amsda
  severity: medium
  description: Filezilla internal file is exposed.
  metadata:
    max-request: 3
  tags: exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/filezilla.xml"
      - "{{BaseURL}}/sitemanager.xml"
      - "{{BaseURL}}/FileZilla.xml"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<FileZilla"
          - "<Servers>"
        condition: and

      - type: word
        words:
          - xml
        part: header

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207fee4a16c8cef6431b75e2c9a57daa38049fa72bff5505c2f2ce892d08546f1f0221009038a74f5d1bc892bbaa1e3e43c38df60b3ffc882b78ffd4f1dcafbb97baab95:922c64590222798bb761d5b6d8e72950