admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-10 12:43:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
88ebf7891295697c8b91bbba00a194bbe1f28723
nuclei-templates/http/misconfiguration/debug/craftcms-debug-exposure.yaml
ghost 0a3fddc2e1 chore: sign templates 🤖
2026-01-29 06:16:30 +00:00

35 lines
1.4 KiB
YAML
Raw Blame History

id: craftcms-debug-exposure
info:
name: CraftCMS Debug Methods Exposed
author: 0x_Akoko
severity: medium
description: |
Detected CraftCMS with devMode enabled, which exposed the Yii2 debug toolbar and sensitive information. This misconfiguration could have leaked database queries, session data, cookies, stack traces, CSRF tokens, and internal application details to unauthenticated users.
reference:
- https://craftcms.com/docs/5.x/system/config.html#devmode
- https://www.acunetix.com/vulnerabilities/web/craft-cms-development-mode-enabled/
metadata:
max-request: 3
verified: true
shodan-query: http.component:"Craft CMS"
fofa-query: app="Craft-CMS"
tags: craftcms,debug,misconfiguration,exposure,yii2
http:
- method: GET
path:
- "{{BaseURL}}/actions/debug/default/index"
- "{{BaseURL}}/actions/debug/default/toolbar"
- "{{BaseURL}}/actions/debug/default/view"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(body, "Yii Debugger", "yii-debug-toolbar", "Available Debug Data")'
- 'contains(header, "Craft CMS") || contains(body, "cpresources")'
condition: and
# digest: 490a00463044022070b59a8f65e840980eb414f2796506fdd18b70427d39a1021059bc585326c1bf02200f28d9f692e6e557cbd63025ba38e4b3c2b74c42390d9c91c3903d58ff0a90eb:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink