search

projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.02k stars 2.58k forks source link

test-cgi-script-leaking-environment-variables.yaml #3495

Closed emadshanab closed 2 years ago

emadshanab commented 2 years ago 
id: test-cgi-script-leaking-environment-variables
info: 
  author: emadshanab
  name: "Test CGI script leaking environment variables"
  reference: "https://www.acunetix.com/vulnerabilities/web/test-cgi-script-leaking-environment-variables/"
  severity: medium
  tags: "exposure,generic"
requests: 
  - 
    matchers: 
      - 
        status: 
          - 200
        type: status
      - 
        part: body
        type: word
        words: 
          - MYSQL_HOME
          - OPENSSL_CONF
          - REMOTE_ADDR
          - SERVER_ADMIN
    matchers-condition: and
    method: GET
    path: 
      - "{{BaseURL}}/cgi-bin/printenv.pl"
emadshanab commented 2 years ago

carbon (2)

ehsandeep commented 2 years ago

Thank you for sharing this @emadshanab, this is now added here - https://github.com/projectdiscovery/nuclei-templates/pull/3498