24 lines
716 B
YAML
24 lines
716 B
YAML
id: apache-tomcat-snoop
|
|
|
|
info:
|
|
name: Apache Tomcat example page disclosure - snoop
|
|
author: pdteam
|
|
severity: low
|
|
description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
|
|
|
|
# Reference:- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'Request URI: /examples/jsp/snp/snoop.jsp'
|
|
|
|
- type: status
|
|
status:
|
|
- 200 |