From b379c3148ec6678560ba908744281dfa11e02367 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?= Date: Tue, 6 Aug 2024 08:05:00 +0200 Subject: [PATCH 1/2] Detected sites that show the Laravel debug panel on malformed URLs --- http/misconfiguration/laravel-debug-error.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/http/misconfiguration/laravel-debug-error.yaml b/http/misconfiguration/laravel-debug-error.yaml index 9f775adbde7..2b70ed5489f 100644 --- a/http/misconfiguration/laravel-debug-error.yaml +++ b/http/misconfiguration/laravel-debug-error.yaml @@ -13,14 +13,13 @@ http: - method: GET path: - "{{BaseURL}}" + - "{{BaseURL}}///////this-should-not-exist,.<>!@#$%^&*()_+" + - "{{BaseURL}}/%00" matchers-condition: and matchers: - type: word words: - - Whoops! There was an error + - Whoops! There was an error - - type: status - status: - - 500 -# digest: 4b0a00483046022100a27980313b04765c0889cf3781ae98a717537c8bf226181548f1befb4b88bc0b022100b5c1947c8918d39d6a6e27b7917edc78bb098d331d886b26e3ac00da1603a76c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100a27980313b04765c0889cf3781ae98a717537c8bf226181548f1befb4b88bc0b022100b5c1947c8918d39d6a6e27b7917edc78bb098d331d886b26e3ac00da1603a76c:922c64590222798bb761d5b6d8e72950 From a0af0d704ef1e0eed625924adee5690d9cd5a5d0 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran <leedhiyanesh@gmail.com> Date: Tue, 6 Aug 2024 19:03:20 +0530 Subject: [PATCH 2/2] add stop at first match --- http/misconfiguration/laravel-debug-error.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/misconfiguration/laravel-debug-error.yaml b/http/misconfiguration/laravel-debug-error.yaml index 2b70ed5489f..93609670509 100644 --- a/http/misconfiguration/laravel-debug-error.yaml +++ b/http/misconfiguration/laravel-debug-error.yaml 
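Review bot: Dropping the `status: 500` matcher leaves the literal `Whoops! There was an error` as the only condition for all three paths, so any response body carrying that phrase (for example a custom 404 page) is now reported as an exposed debug panel. With one matcher left, `matchers-condition: and` no longer combines anything; either remove it or pair the word matcher with a second indicator taken from a real debug-panel response, and state `part: body` explicitly on the word matcher. The first added path contains `#` and the invalid escape `%^`, so what reaches the server depends on how the engine normalises the URL (a client that honours fragments would cut the path at `#`); it would be worth confirming the request as sent against a test instance. The `# digest:` value is identical on both sides of this hunk although the template body changed, and the second patch edits the file again without touching it, so the signature presumably has to be regenerated by the project's signing step before it verifies.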
@@ -16,6 +16,7 @@ http: - "{{BaseURL}}///////this-should-not-exist,.<>!@#$%^&*()_+" - "{{BaseURL}}/%00" + stop-at-first-match: true matchers-condition: and matchers: - type: word
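Review bot: `stop-at-first-match: true` makes the order of the `path` list significant, and nothing in the template says so. A comment above the list such as `# ordered from the plain request to the malformed ones; scanning stops at the first hit` would keep a later edit from reordering it unknowingly. The finding will then name only the first path that matched, not every path that exposes the panel, which is worth stating in the template description (the `info` block is outside this hunk).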