drupal-files
ArjunChandarana opened this issue · comments
Template Information:
Drupal CMS has many default files, a few of which are interesting: they can be used to identify that Drupal is being used as the CMS, and some accessible files disclose information about which plugins are being used and much more.
Nuclei Template:
```yaml
id: drupal-files

info:
  name: Publicly Accessible Drupal Files
  author: ArjunChandarana
  severity: low
  metadata:
    verified: true
    shodan-query: http.component:Drupal
  tags: Drupal

requests:
  - method: GET
    path:
      - "{{BaseURL}}/sites/default/services.yml"
      - "{{BaseURL}}/contrib/views_data_export/README.md"
      - "{{BaseURL}}/core/install.php"
      - "{{BaseURL}}/core/INSTALL.txt"
      - "{{BaseURL}}/sites/README.txt"
      - "{{BaseURL}}/update.php"
      - "{{BaseURL}}/sites/default/settings.php"

    stop-at-first-match: false
    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "Views data export"
          - "Administer software update"
          - "parameters"
          - "Drupal"
          - "Installation"
          - "Requirements"
          - "app_root"
        condition: or

      - type: status
        status:
          - 200
```
Weak matching with `matchers-condition: or`. Changing it to `matchers-condition: and` got me some valid results. Not sure if all the words in the matcher list are Drupal-specific, though.
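The difference between the two settings raised in the comment above, as an added example that is not part of the thread and not nuclei's own code: a simplified Python model of the template's two matchers, evaluated over constructed responses. The sample names, status codes and bodies are assumptions made for illustration.

```python
# Added illustration: simplified model of how the template's word matcher and
# status matcher combine under matchers-condition. Not nuclei's implementation.
WORDS = ["Views data export", "Administer software update", "parameters",
         "Drupal", "Installation", "Requirements", "app_root"]


def word_matcher(body, words=WORDS):
    # type: word, part: body, condition: or -> any listed word appears in the
    # body (case-sensitive substring match).
    return any(w in body for w in words)


def status_matcher(status, allowed=(200,)):
    # type: status -> the response code is one of the listed codes.
    return status in allowed


def template_matches(status, body, matchers_condition):
    results = [word_matcher(body), status_matcher(status)]
    return any(results) if matchers_condition == "or" else all(results)


# Constructed sample responses (hypothetical, not captured from any host).
SAMPLES = {
    "drupal_services_yml": (200, "parameters:\n  session.storage.options:\n"),
    "non_drupal_home": (200, "<html><body>Welcome to our shop</body></html>"),
    "custom_404": (404, "Page not found. Check the query parameters."),
    "update_php_denied": (403, "Access denied. Drupal requires you to log in."),
    "non_drupal_readme": (200, "Installation\n\nRequirements: gcc, make"),
}


def evaluate(matchers_condition):
    # Map each sample name to whether the template would report a match.
    return {name: template_matches(status, body, matchers_condition)
            for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    for cond in ("or", "and"):
        print(cond, evaluate(cond))
```

With `or`, every sample matches, including a plain 200 page and a 404 that merely contains "parameters". With `and`, the generic words still let the non-Drupal README through, which is the specificity concern the comment raises.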
Thanks so much for this @ArjunChandarana , we'll take a look into it!
Thanks team, let me know if it requires modification. Would be happy to help.
Hi @ArjunChandarana , we already have these default files under these templates
http/technologies/drupal-detect.yaml
http/misconfiguration/installer/drupal-install.yaml
/update.php - Access denied (since it requires an account to log in)
/sites/default/services.yml - Blank Page with no Information.
/sites/default/settings.php - variable undefined error
Only these below mentioned endpoints are already present
- "{{BaseURL}}/core/install.php"
- "{{BaseURL}}/core/INSTALL.txt"
- "{{BaseURL}}/sites/README.txt"
Looking forward to hearing back from you
Thanks
Hi @DhiyaneshGeek, thanks for checking on this. During my testing phase I was able to get output for the /sites/default/services.yml endpoint with some of the information, and this would vary from target to target. Regarding the /sites/default/settings.php endpoint, I was able to get an error, but sometimes it would be possible to get a default settings.php page. And on the /update.php endpoint it was possible to get a response that it requires leveraged privileges such as Administrator, which confirms that multiple user roles exist.
Hi @ArjunChandarana, what kind of information is exposed in these files?
If there is some sensitive information exposed, we can consider having a template.
The existing template detects the default files, as I mentioned already.
Looking forward to hearing back from you
Thanks
Hi @DhiyaneshGeek, to my observation and understanding this file generally contains configuration-related information, which has session-related configurations, twig-related configurations, and which protocols are allowed and which are filtered. Additionally, some CORS-related configuration is disclosed. But this file may contain additional information regarding target configuration, which varies from target to target.
Also, the "{{BaseURL}}/core/INSTALL.txt" endpoint was not found in the above 2 templates; could you please check on that also?
Hi @ArjunChandarana, we can update the existing template and add `/core/INSTALL.txt` and co-author you there 😄
What do you think about it ?
Thanks
Hey @DhiyaneshGeek, that would be great and much appreciated 😁. Also was thinking out loud: why miss out on any default files which might have some relevant information about the host? If we can add the `sites/default/services.yml` endpoint in that, it would be great. Additionally, if we can go ahead and create a template regarding improper error handling for this endpoint, `/sites/default/settings.php` - variable undefined error. 👀
Thanks much !
We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!
I'll update the existing template and let you know
Thanks
Hi @ArjunChandarana, we examined this further, and the existing templates detect the Drupal default files.
Adding `/core/INSTALL.txt`, `/sites/default/services.yml` will increase the number of requests sent, so we are closing this issue.
Thanks