nuclei-templates/exposures/configs/syfmony-profiler.yaml


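# Flags a Symfony web profiler that is reachable on the scanned host and
# serves its phpinfo page under /_profiler.
#
# The nesting below is restored: as listed, every key sat at column 0, which
# parses as a different document from the one intended.
#
# The id looks like a misspelling of "symfony". It is kept as published so
# that existing references to this template id keep resolving.
id: syfmony-profiler

info:
  name: SymfonyProfiler information leakage
  author: wabafet
  severity: medium
  description: >-
    The Symfony profiler phpinfo page is reachable without authentication and
    discloses PHP configuration and environment variables, which can include
    APP_SECRET and other values loaded from the application's dotenv files.
  remediation: >-
    Disable the web profiler outside development environments or restrict
    access to /_profiler. If the page was exposed, rotate APP_SECRET and any
    other secret that was held in an environment variable.

requests:
  - method: GET
    path:
      - "{{BaseURL}}/_profiler/phpinfo.php"
      - "{{BaseURL}}/_profiler/phpinfo"

    # Both matchers must hit: a 200 response AND at least one marker string.
    matchers-condition: and
    matchers:
      # Any one of these strings in the body is enough (condition: or).
      # $_SERVER['SERVER_NAME'] appears in ordinary phpinfo output, so a hit
      # confirms the phpinfo page is exposed; check the response for the
      # APP_SECRET row before treating the secret itself as disclosed.
      - type: word
        part: body
        words:
          - "$_SERVER['SERVER_NAME']"
          - "$_ENV['APP_SECRET']"
          - "$_ENV['SYMFONY_DOTENV_VARS']"
        condition: or

      - type: status
        status:
          - 200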