id: redmine-settings info: name: Redmine settings.yml File Disclosure author: DhiyaneshDK severity: info reference: https://www.exploit-db.com/ghdb/5796 classification: cpe: cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: redmine product: redmine google-query: intitle:"index of" "settings.yml" tags: misconfig,redmine,devops,files,exposure http: - method: GET path: - "{{BaseURL}}/settings.yml" - "{{BaseURL}}/config/settings.yml" - "{{BaseURL}}/redmine/config/settings.yml" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - 'format:' - 'default:' - 'Redmine' condition: and - type: status status: - 200 # digest: 4a0a004730450220186d23b24f9283dfe481d498f9cc88bf5cb7aaa3e997bb2d6ba6ebf7a1285dc2022100ede224056e027e6b184d789d782518d4463405ac3d2a3fd9864d46202deab695:922c64590222798bb761d5b6d8e72950