51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
id: wadl-api
|
|
|
|
info:
|
|
name: WADL API - Detect
|
|
author: 0xrudra,manuelbua
|
|
severity: info
|
|
description: WADL API was detected.
|
|
reference:
|
|
- https://github.com/dwisiswant0/wadl-dumper
|
|
- https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
|
cvss-score: 0.0
|
|
cwe-id: CWE-200
|
|
tags: exposure,api
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/application.wadl"
|
|
- "{{BaseURL}}/application.wadl?detail=true"
|
|
- "{{BaseURL}}/api/application.wadl"
|
|
- "{{BaseURL}}/api/v1/application.wadl"
|
|
- "{{BaseURL}}/api/v2/application.wadl"
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- name: http-get
|
|
type: word
|
|
words:
|
|
- "This is simplified WADL with user and core resources only"
|
|
- "http://jersey.java.net"
|
|
- "http://wadl.dev.java.net/2009/02"
|
|
|
|
- method: OPTIONS
|
|
path:
|
|
- "{{BaseURL}}"
|
|
- "{{BaseURL}}/api/v1"
|
|
- "{{BaseURL}}/api/v2"
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- name: http-options
|
|
type: word
|
|
words:
|
|
- "This is simplified WADL with user and core resources only"
|
|
- "http://jersey.java.net"
|
|
- "http://wadl.dev.java.net/2009/02"
|
|
|
|
# Enhanced by mp on 2023/02/05
|