WADL API - Detect
ID: wadl-api
Severity: info
Author: 0xrudra,manuelbua
Tags: exposure,api
Description
WADL API was detected.
YAML Source
id: wadl-api

info:
  name: WADL API - Detect
  author: 0xrudra,manuelbua
  severity: info
  description: WADL API was detected.
  reference:
    - https://github.com/dwisiswant0/wadl-dumper
    - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    max-request: 8
  tags: exposure,api

http:
  - method: GET
    path:
      - "{{BaseURL}}/application.wadl"
      - "{{BaseURL}}/application.wadl?detail=true"
      - "{{BaseURL}}/api/application.wadl"
      - "{{BaseURL}}/api/v1/application.wadl"
      - "{{BaseURL}}/api/v2/application.wadl"

    stop-at-first-match: true
    matchers:
      - name: http-get
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "http://jersey.java.net"
          - "http://wadl.dev.java.net/2009/02"

  - method: OPTIONS
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/api/v1"
      - "{{BaseURL}}/api/v2"

    stop-at-first-match: true
    matchers:
      - name: http-options
        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "http://jersey.java.net"
          - "http://wadl.dev.java.net/2009/02"
# digest: 490a0046304402206950f4b2eaf57d11b07a16e58f4a728756dc1795b08cc12ea94aa5338c39cfab0220613c19c0b44335994cc018d43d72ccd8ee2035c42ceb40e8ac2498fc9950bec3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposures/apis/wadl-api.yaml"
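A triage helper for hits from this template, as an added example (not part of the template or the Nuclei project): it repeats the template's word match, then parses the body to confirm the root element is a WADL `application` before counting what the document lists. The function names and both sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Word matchers copied from the template; a nuclei word matcher defaults to OR.
TEMPLATE_WORDS = (
    "This is simplified WADL with user and core resources only",
    "http://jersey.java.net",
    "http://wadl.dev.java.net/2009/02",
)
WADL_NS = "http://wadl.dev.java.net/2009/02"

# Constructed sample of a Jersey-style WADL response (not captured from a real host).
SAMPLE_WADL = """<application xmlns="http://wadl.dev.java.net/2009/02">
  <doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="constructed sample"/>
  <resources base="http://localhost:8080/api/">
    <resource path="users">
      <method id="list" name="GET"/>
      <resource path="{id}">
        <method id="get" name="GET"/>
      </resource>
    </resource>
  </resources>
</application>"""
# Constructed false positive: a page that only links to the Jersey site.
SAMPLE_FALSE_POSITIVE = '<html><body><a href="http://jersey.java.net">Jersey</a></body></html>'


def template_match(body: str) -> bool:
    """Same decision the template makes: any listed word appears in the body."""
    return any(word in body for word in TEMPLATE_WORDS)


def confirm_wadl(body: str) -> dict:
    """Triage a hit: is the body really a WADL document, and how much does it list?"""
    result = {"matched": template_match(body), "is_wadl": False, "resources": 0, "methods": 0}
    # Responses are untrusted input: skip anything carrying a DTD rather than parse it.
    if not result["matched"] or "<!DOCTYPE" in body.upper():
        return result
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result  # word present, but the body is not well-formed XML
    if root.tag != f"{{{WADL_NS}}}application":
        return result  # well-formed, but the root is not a WADL application element
    result["is_wadl"] = True
    result["resources"] = len(root.findall(f".//{{{WADL_NS}}}resource"))
    result["methods"] = len(root.findall(f".//{{{WADL_NS}}}method"))
    return result
```

A hit where `matched` is true but `is_wadl` is false is a candidate false positive; a confirmed WADL with non-zero counts is the case worth reviewing for whether the description should be served to unauthenticated clients.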