detect-config.ini

Detects the exposure of 'config.ini' files

id: exposed-config-ini

info:
  name: Exposed config.ini File 
  author: Redflare-Cyber
  severity: high
  description: Detects the exposure of 'config.ini' files containing specific sensitive information at '/src/api/config.ini'.

requests:
  - method: GET
    path:
      - "{{BaseURL}}/src/api/config.ini"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: regex
        part: body
        regex:
          - '(?m)^\[encrypt\]'
          - 'db_key\s*=\s*".*?"'
          - 'sudo_key\s*=\s*".*?"'
          - '(?m)^\[main\]'
          - 'host\s*=\s*".*?"'
          - '(?m)^\[upload\]'
          - 'path\s*=\s*"\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/files\/"'
          - '(?m)^\[download\]'
          - 'path\s*=\s*"\.\.\/\.\.\/\.\.\/files\/"'
        condition: and

      - type: word
        words:
          - '<html'
          - '<body'
          - '<title'
        negative: true
        part: body

      - type: dsl
        dsl:
          - 'len(body) >= 200 && len(body) <= 5000'