id: service-pwd info: name: service.pwd - Sensitive Information Disclosure author: pussycat0x severity: high description: service.pwd was discovered, which is likely to contain sensitive information. reference: - https://www.exploit-db.com/ghdb/7256 tags: exposure,listing,service,edb,misconfig metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/_vti_pvt/service.pwd" matchers-condition: and matchers: - type: word words: - "# -FrontPage-" part: body - type: status status: - 200