mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
34 lines
1.1 KiB
YAML
34 lines
1.1 KiB
YAML
id: mamp-phpinfo-exposure
|
|
|
|
info:
|
|
name: MAMP - PHP Info Exposure
|
|
author: 0x_Akoko
|
|
severity: low
|
|
description: |
|
|
Detected MAMP server was exposed phpinfo() page, revealing sensitive PHP configuration, server paths, and environment variables.
|
|
reference:
|
|
- https://www.mamp.info/
|
|
- https://www.acunetix.com/vulnerabilities/web/phpinfo-pages/
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: title="MAMP"
|
|
tags: mamp,phpinfo,exposure,misconfig
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/MAMP/phpinfo.php"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'status_code == 200'
|
|
- 'contains_all(body, "phpinfo()", "PHP Version")'
|
|
- 'contains_any(body, "MAMP", "/Applications/MAMP", "C:\\MAMP")'
|
|
condition: and
|
|
# digest: 4a0a00473045022001cdb347fedd8dcc1e1277d053e3fc4c9344920b95d05e4f65fce7d2d6508d7c022100942a45896e03ef3cd0699c82a867f850a3bbff3da937a8c767fd6e409fe6ec52:922c64590222798bb761d5b6d8e72950 |