nuclei-templates/http/exposures/configs/zend-config-file.yaml

49 lines
1.6 KiB
YAML

id: zend-config-file
info:
name: Zend Configuration File
author: pdteam,geeknik,Akokonunes
severity: high
description: Zend configuration file was exposed.
metadata:
max-request: 13
tags: config,exposure,zend,php
http:
- method: GET
path:
- "{{BaseURL}}/application/configs/application.ini"
- "{{BaseURL}}/admin/configs/application.ini"
- "{{BaseURL}}/application.ini"
- "{{BaseURL}}/aplicacao/application/configs/application.ini"
- "{{BaseURL}}/cloudexp/application/configs/application.ini"
- "{{BaseURL}}/cms/application/configs/application.ini"
- "{{BaseURL}}/moto/application/configs/application.ini"
- "{{BaseURL}}/Partners/application/configs/application.ini"
- "{{BaseURL}}/radio/application/configs/application.ini"
- "{{BaseURL}}/seminovos/application/configs/application.ini"
- "{{BaseURL}}/shop/application/configs/application.ini"
- "{{BaseURL}}/site_cg/application/configs/application.ini"
- "{{BaseURL}}/slr/application/configs/application.ini"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "db.*(.password).*="
- "db.*(.username).*="
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200
# digest: 4b0a00483046022100818b5226d3793bcee715a51fe5421187123c9450277b33cd13c1b98a34fb2728022100972405673ca58a61d2de08a52a503e8c51752030325f66f11977baa42b8c6ce7:922c64590222798bb761d5b6d8e72950