id: symfony-database-config

info:
  name: Symfony Database Configuration Exposure
  author: pdteam,geeknik
  severity: high
  tags: config,exposure,symfony

requests:
  - method: GET
    path:
      - "{{BaseURL}}/config/databases.yml"
    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"
        negative: true
      - type: status
        status:
          - 200
      - type: word
        words:
          - "class:"
          - "param:"
        condition: and
        part: body