Php Debug Bar - Exposure
ID: php-debugbar-exposure
Severity: high
Author: ritikchaddha,pdteam,DhiyaneshDk,geeknik
Tags: misconfig,php,phpdebug,exposure,debug
Description
Section titled “Description”The DebugBar integrates easily into projects and can display profiling data from any part of your application.This template detects exposed PHP Debug Bars by looking for known response bodies and the phpdebugbar-id in headers.
YAML Source
Section titled “YAML Source”id: php-debugbar-exposure
info: name: Php Debug Bar - Exposure author: ritikchaddha,pdteam,DhiyaneshDk,geeknik severity: high description: | The DebugBar integrates easily into projects and can display profiling data from any part of your application.This template detects exposed PHP Debug Bars by looking for known response bodies and the `phpdebugbar-id` in headers. reference: - https://hackerone.com/reports/1883806 - http://phpdebugbar.com/ - https://github.com/maximebf/php-debugbar metadata: verified: true max-request: 2 shodan-query: html:"phpdebugbar" tags: misconfig,php,phpdebug,exposure,debug
http: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/_debugbar/open"
stop-at-first-match: true matchers: - type: dsl dsl: - 'contains_all(body, "phpdebugbar", "widget") && status_code == 200' - 'contains(header, "phpdebugbar-id")' - 'contains_all(body, "\"utime\"","\"datetime\"","{\"id") && contains(content_type, "application/json")' condition: or# digest: 4b0a00483046022100afe19a0354e51a6998d9b6479572ee8033beafb6545c6255b40aca4d88ad4b76022100f8e4f12d81bb172eb43aa7dc994a02cc43e64f28250a521dfdd0574162c539df:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/php-debugbar-exposure.yaml"