Dreamweaver Dwsync.xml Exposure

ID: dwsync-exposure

Severity: info

Author: KaizenSecurity

Tags: dwsync,exposure,dreamweaver,files

Description

The Dreamweaver file dwsync.xml was discovered. The dwsync.xml file is a file generated by Dreamweaver which contains information related to what files are in the website directory.

YAML Source

id: dwsync-exposure

info:
  name: Dreamweaver Dwsync.xml Exposure
  author: KaizenSecurity
  severity: info
  description: The Dreamweaver file dwsync.xml was discovered. The dwsync.xml file is a file generated by Dreamweaver which contains information related to what files are in the website directory.
  classification:
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: dwsync,exposure,dreamweaver,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/_notes/dwsync.xml"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - application/xml

      - type: word
        part: body
        words:
          - '<dwsync>'
          - '</dwsync>'
        condition: and
# digest: 4b0a00483046022100b7a98c0e55687f764567444280be4a08b5f77ea27bdeccb48493019c610ee93f022100a968af68c7d5262e0985a4c2c7335467d1f594e6393c4f2b8c187a37051ac88f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/files/dwsync-exposure.yaml"

View on Github