phpSysInfo Exposure

ID: phpsys-info

Severity: low

Author: fpatrik

Tags: config,exposure,phpsysinfo

Description

phpSysInfo: a customizable PHP script that displays information about your system nicely

YAML Source

id: phpsys-info

info:
  name: phpSysInfo Exposure
  author: fpatrik
  severity: low
  description: |
    phpSysInfo: a customizable PHP script that displays information about your system nicely
  reference: https://phpsysinfo.github.io/phpsysinfo/
  classification:
    cpe: cpe:2.3:a:phpsysinfo:phpsysinfo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: phpsysinfo
    product: phpsysinfo
    shodan-query: html:"phpSysInfo"
  tags: config,exposure,phpsysinfo

http:
  - method: GET
    path:
      - "{{BaseURL}}/phpsysinfo/index.php?disp=bootstrap"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'phpSysInfo'
          - 'Hardware Information'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100945391b39dcdba2296d117bc86248639ddbec14185404bba8470b82fbfd6fa1d02206eb228fb93f2973afb35ac1aa4bfe327d746f0d4e2908635dbf001bf83459b61:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/configs/phpsys-info.yaml"

View on Github