id: websheets-config

info:
  name: Websheets Configuration File - Detect
  author: geeknik
  severity: high
  description: Websheets configuration file was detected.
  reference:
    - https://github.com/daveagp/websheets
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
  tags: websheets,config,exposure,files

http:
  - method: GET
    path:
      - '{{BaseURL}}/ws-config.json'
      - '{{BaseURL}}/ws-config.example.json'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"db-password":'
          - '"db-database":'
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100c4965409b279bcf296a5c8c59ae0ea758ba64b0ba5568ba7fba213f50087617502204abb8a67f34ac4a2a2b09d0916f0da99681b42a07bdcf4a0d07e77d9ae157b1a:922c64590222798bb761d5b6d8e72950