nuclei-templates/misconfiguration/apache-tomcat-snoop.yaml

23 lines
712 B
YAML

id: apache-tomcat-snoop
info:
name: Apache Tomcat example page disclosure - snoop
author: pdteam
severity: low
description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
reference: https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
requests:
- method: GET
path:
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
matchers-condition: and
matchers:
- type: word
words:
- 'Request URI: /examples/jsp/snp/snoop.jsp'
- type: status
status:
- 200