id: thumbs-db-disclosure

info:
  name: Thumbs DB Disclosure
  author: dhiyaneshDk
  severity: info
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/thumbs-db-disclosure.json
  metadata:
    max-request: 1
  tags: exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/Thumbs.db"

    matchers-condition: and
    matchers:
      - type: binary
        binary:
          - 'D0CF11E0A1B11AE1'
        part: body

      - type: status
        status:
          - 200

# digest: 4a0a0047304502201ddbf3de5e3dca8b341f78493febc3707fa81bea9a0e793c576d20e3a4e2d745022100ba5bf553ef7f88ff0338d7b19f6c3b51c51fdb709a0f9d4f8f886104740c4cda:922c64590222798bb761d5b6d8e72950