id: frontpage-pwd-file
info:
name: Frontpage service-vti Configuration File - Detect
author: Redflare Cyber
severity: high
description: Frontpage config file was detected.
metadata:
max-request: 1
tags: config,exposure,frontpage
http:
- method: GET
path:
- "{{BaseURL}}/_vti_pvt/service.pwd"
- "{{BaseURL}}_vti_pvt/administrators.pwd"
- "{{BaseURL}}_vti_pvt/authors.pwd"
matchers-condition: and
matchers:
- type: word
words:
- "admin"
- "webmaster"
- "administrator"
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200