From 837cbb0ae96dc9ef92952db507147b4809fd09eb Mon Sep 17 00:00:00 2001
From: Aman Rawat <35992750+theamanrawat@users.noreply.github.com>
Date: Tue, 13 Jan 2026 10:43:34 +0530
Subject: [PATCH] Create cacti-fpd.yaml
---
 http/misconfiguration/cacti-fpd.yaml | 43 ++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 http/misconfiguration/cacti-fpd.yaml
diff --git a/http/misconfiguration/cacti-fpd.yaml b/http/misconfiguration/cacti-fpd.yaml
new file mode 100644
index 00000000000..4e83ac91c77
--- /dev/null
+++ b/http/misconfiguration/cacti-fpd.yaml
@@ -0,0 +1,43 @@
+id: cacti-fpd
+
+info:
+ name: Cacti - Full Path Disclosure
+ author: theamanrawat
+ severity: low
+ description: |
+ Detected a Full Path Disclosure (FPD) in Cacti when the log file is not writable. The error message reveals the absolute path of the log file on the server.
+ tags: cacti,fpd,exposure,path,misconfig
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ - "{{BaseURL}}/cacti/"
+ - "{{BaseURL}}/index.php"
+ - "{{BaseURL}}/cacti/index.php"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "System log file is not available for writing"
+ - "please enable write access"
+ condition: and
+
+ - type: regex
+ part: body
+ regex:
+ - 'Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)'
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - 'Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)'
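Review bot: The path regex used in both the matcher and the extractor, `'Log:\s+([a-zA-Z0-9/\\_.-]+cacti\.log)'`, excludes `:` and whitespace from the character class, so a Windows install (`C:\...`) or any install path containing a space never satisfies it, and because `matchers-condition: and` requires this matcher, such hosts are reported clean even though the word matcher already fired on the disclosure message. Widening it in both places to `'Log:\s+([^<\r\n]*?cacti\.log)'` keeps the capture bounded by tags and line ends while accepting drive letters and spaces. The exact Cacti error markup is not visible in this patch, so confirm against a live instance that the `Log:` label is followed directly by the path (and not by an HTML tag that the `\s+` would not bridge) before relying on the anchor. The word matcher is case-sensitive by default; if the message wording differs across Cacti versions, adding `case-insensitive: true` is a cheap way to avoid a second class of false negatives.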