id: error-logs info: name: Common Error Log Files author: geeknik,daffainfo,ELSFA7110,Hardik-Solanki severity: low description: Error log files were exposed. metadata: max-request: 29 tags: logs,exposure,error http: - method: GET path: - "{{BaseURL}}/php_errors.log" - "{{BaseURL}}/MyErrors.log" - "{{BaseURL}}/admin/error.log" - "{{BaseURL}}/admin/errors.log" - "{{BaseURL}}/admin/log/error.log" - "{{BaseURL}}/admin/logs/error.log" - "{{BaseURL}}/admin/logs/errors.log" - "{{BaseURL}}/application/logs/application.log" - "{{BaseURL}}/application/logs/default.log" - "{{BaseURL}}/config/error_log" - "{{BaseURL}}/error.log" - "{{BaseURL}}/error.txt" - "{{BaseURL}}/error/error.log" - "{{BaseURL}}/error_log" - "{{BaseURL}}/error_log.txt" - "{{BaseURL}}/errors.log" - "{{BaseURL}}/errors.txt" - "{{BaseURL}}/errors/errors.log" - "{{BaseURL}}/errors_log" - "{{BaseURL}}/log.log" - "{{BaseURL}}/log.txt" - "{{BaseURL}}/log/error.log" - "{{BaseURL}}/log/errors.log" - "{{BaseURL}}/logs.txt" - "{{BaseURL}}/logs/error.log" - "{{BaseURL}}/logs/errors.log" - "{{BaseURL}}/routes/error_log" - "{{BaseURL}}/{{Hostname}}/error.log" - "{{BaseURL}}/{{Hostname}}/errors.log" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Segmentation Fault" - "coredump" - "script headers" - "Broken pipe" - "Array" - "Exception" - "Fatal" - "FastCGI sent in stderr" condition: or - type: word condition: or words: - text/plain - application/octet-stream part: header - type: status status: - 200 # digest: 4a0a0047304502206c44c24795b02dab3964041c43dc286be2fbb40aa3959ed89347c365fffcaac0022100ed65c1b0bb7e6c1aba1f35463ffab1c29afad02fcd2f474d020181279ac5a210:922c64590222798bb761d5b6d8e72950