漏洞描述
Generic php file source code was detected via backup files.
generic-php-files: Generic PHP Backup Information Disclosure
PoC代码[已公开]
id: generic-php-files
info:
name: Generic PHP Backup Information Disclosure
author: sheikhrishad,matejsmycka
severity: medium
description: Generic php file source code was detected via backup files.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 14
tags: exposure,backup,vuln
http:
- method: GET
path:
- "{{BaseURL}}/settings.php.bak"
- "{{BaseURL}}/settings.php.dist"
- "{{BaseURL}}/settings.php.old"
- "{{BaseURL}}/settings.php.save"
- "{{BaseURL}}/.settings.php.swp"
- "{{BaseURL}}/settings.php.txt"
- "{{BaseURL}}/config/settings.old.php"
- "{{BaseURL}}/config.php.bak"
- "{{BaseURL}}/config.php.dist"
- "{{BaseURL}}/config.php.old"
- "{{BaseURL}}/config.php.save"
- "{{BaseURL}}/.config.php.swp"
- "{{BaseURL}}/config.php.txt"
- "{{BaseURL}}/config/settings.old.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- '<\?php\b[\s\S]*?\?>'
part: body
- type: word
words:
- "DB_NAME"
- "DB"
condition: and
part: body
- type: status
status:
- 200
# digest: 490a004630440220152bb3e0a63017f23eff3dbac5f4e544ecf0803be5fbac106a1bfdecb6e7f4c10220656f362eea57c82d2d8d370501c09ccea5c498065728107611508a5bcf6b0458:922c64590222798bb761d5b6d8e72950