mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
33 lines
1.3 KiB
YAML
33 lines
1.3 KiB
YAML
id: php-debugbar-exposure
|
|
|
|
info:
|
|
name: Php Debug Bar - Exposure
|
|
author: ritikchaddha,pdteam,DhiyaneshDk,geeknik
|
|
severity: high
|
|
description: |
|
|
The DebugBar integrates easily into projects and can display profiling data from any part of your application.This template detects exposed PHP Debug Bars by looking for known response bodies and the `phpdebugbar-id` in headers.
|
|
reference:
|
|
- https://hackerone.com/reports/1883806
|
|
- http://phpdebugbar.com/
|
|
- https://github.com/maximebf/php-debugbar
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
shodan-query: html:"phpdebugbar"
|
|
tags: misconfig,php,phpdebug,exposure,debug,vuln
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
- "{{BaseURL}}/_debugbar/open"
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body, "phpdebugbar", "widget") && status_code == 200'
|
|
- 'contains(header, "phpdebugbar-id")'
|
|
- 'contains_all(body, "\"utime\"","\"datetime\"","{\"id") && contains(content_type, "application/json")'
|
|
condition: or
|
|
# digest: 4a0a0047304502205bd89db89e59c60cbe2d67897e2de6173ac9a8569b8a37f0175fd2ebf67f231d0221009401028add4df195443d94ef39005ce81e9cd1424aaf6aabb6489cf85aa96709:922c64590222798bb761d5b6d8e72950 |