id: phpgedview-installer

info:
  name: PhpGedView Installer Exposure
  author: ritikchaddha
  severity: high
  description: PhpGedView is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"/phpgedview.db"
  tags: misconfig,phpgedview,install,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}/install.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Installation Wizard'
          - 'phpgedview'
        condition: and
        case-insensitive: true

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100de5413c40cec17c528938b4d5331f66f32e7fedec740d8c834a338f13818067902210088f6d96fcefb274b9018df7f7bd42a801d545080f844ba73d4e9d78162110bcb:922c64590222798bb761d5b6d8e72950