Closed emadshanab closed 2 years ago
id: test-cgi-script-leaking-environment-variables info: author: emadshanab name: "Test CGI script leaking environment variables" reference: "https://www.acunetix.com/vulnerabilities/web/test-cgi-script-leaking-environment-variables/" severity: medium tags: "exposure,generic" requests: - matchers: - status: - 200 type: status - part: body type: word words: - MYSQL_HOME - OPENSSL_CONF - REMOTE_ADDR - SERVER_ADMIN matchers-condition: and method: GET path: - "{{BaseURL}}/cgi-bin/printenv.pl"
Thank you for sharing this @emadshanab, this is now added here - https://github.com/projectdiscovery/nuclei-templates/pull/3498