id: plesk-stat info: name: Webalizer Log Analyzer Configuration - Detect author: th3.d1p4k severity: medium description: Webalizer log analyzer configuration was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-200 reference: - http://www.webalizer.org tags: config,exposure,plesk requests: - method: GET path: - "{{BaseURL}}/plesk-stat/" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - 'Index of /plesk-stat' - 'Parent Directory' condition: and - type: word words: - 'anon_ftpstat' - 'ftpstat' - 'webstat-ssl' - 'webstat' condition: or # Enhanced by md on 2023/02/22