Update php-debugbar-exposure.yaml

geeknik · dwisiswant0 · commit dfca45cb38ab · 2024-11-04T18:20:40.000+07:00
Obliterating false negatives.
diff --git a/http/misconfiguration/php-debugbar-exposure.yaml b/http/misconfiguration/php-debugbar-exposure.yaml
@@ -2,10 +2,10 @@ id: php-debugbar-exposure
 
 info:
   name: Php Debug Bar - Exposure
-  author: ritikchaddha,pdteam,dhiyaneshDk
+  author: ritikchaddha, pdteam, dhiyaneshDk, geeknik
   severity: high
   description: |
-    The DebugBar integrates easily in any projects and can display profiling data from any part of your application. It comes built-in with data collectors for standard PHP features and popular projects.
+    The DebugBar integrates easily into projects and can display profiling data from any part of your application. This template detects exposed PHP Debug Bars by looking for known response bodies and the `phpdebugbar-id` in headers.
   reference:
     - https://hackerone.com/reports/1883806
     - http://phpdebugbar.com/
@@ -14,20 +14,34 @@ info:
     verified: true
     max-request: 2
     shodan-query: html:"phpdebugbar"
-  tags: hackerone,misconfig,php,phpdebug,exposure
+  tags: hackerone, misconfig, php, phpdebug, exposure
 
 http:
   - method: GET
     path:
       - "{{BaseURL}}"
       - "{{BaseURL}}/_debugbar/open"
-
     host-redirects: true
     max-redirects: 2
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body_1, "phpdebugbar") && contains(body, "widget")'
-          - 'contains_all(body_2, "\"utime\"","\"datetime\"","{\"id") && contains(content_type_2, "application/json")'
-        condition: or
-# digest: 4a0a00473045022100ae074f15355d3a5c73ee1e144067e2bc82cc11539e6793bcfbf8471f8853945c02201a4ad22c14f9c2d87bf7dcedc9cd70d261f383010b55d4c3098677e7c6090f06:922c64590222798bb761d5b6d8e72950
+          - 'contains(body, "phpdebugbar")'
+          - 'contains(body, "widget")'
+        condition: and
+      - type: dsl
+        dsl:
+          - 'contains(header, "phpdebugbar-id")'
+        
+  - method: HEAD
+    path:
+      - "{{BaseURL}}/_debugbar/open"
+    host-redirects: true
+    max-redirects: 1
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: dsl
+        dsl:
+          - 'contains(header, "phpdebugbar-id")'
