id: routes-ini

info:
  name: routes.ini File Exposure
  author: geeknik
  severity: info
  metadata:
    verified: true
    max-request: 15
    google-query: intitle:"index of" "routes.ini"
    github-query: filename:routes.ini
  tags: routes,config,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/routes.ini"
        - "/config/routes.ini"
        - "/admin/configs/routes.ini"
        - "/application/configs/routes.ini"
        - "/aplicacao/routes/configs/routes.ini"
        - "/routes/configs/routes.ini"
        - "/cloudexp/routes/configs/routes.ini"
        - "/cms/routes/configs/routes.ini"
        - "/moto/routes/configs/routes.ini"
        - "/Partners/routes/configs/routes.ini"
        - "/radio/routes/configs/routes.ini"
        - "/seminovos/routes/configs/routes.ini"
        - "/shop/routes/configs/routes.ini"
        - "/site_cg/routes/configs/routes.ini"
        - "/slr/routes/configs/routes.ini"

    stop-at-first-match: true

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "defaults.action"
          - "routes.admin"
        condition: and

      - type: word
        part: body
        words:
          - "[routes]"
          - "GET /"
        condition: and
# digest: 4a0a00473045022100d576d524845ce2125e7e6b8cf712d66ed1ce3796f312c9561cad6215c49a8db702201bad8deeffe945be7980d518f4c9d4d9146f688f231539f5a4968c0621637d20:922c64590222798bb761d5b6d8e72950