id: gitea-installer

info:
  name: Gitea Installer Exposure
  author: DhiyaneshDk
  severity: medium
  description: Gitea is susceptible to the Installation page exposure due to misconfiguration.
  metadata:
    verified: true
    max-request: 1
    shodan-query: 'title:"Installation -  Gitea: Git with a cup of tea"'
  tags: misconfig,gitea,install

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Installation -  Gitea: Git with a cup of tea'
          - 'Database Name'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022066f56b7a2930ae1593161115abd054f1cde3376fff7c907e4d98fda3fe72d90b02210091ea2d42390407b9c1751b0d9f8570ac5d7c9b510f6ca102fddee07b16022220:922c64590222798bb761d5b6d8e72950