Apache Config file disclosure

By kannthu

Low
Vidoc Module
#config #exposure #apache
Description

What is Apache Config file disclosure?

The "Apache Config file disclosure" module detects misconfigurations that could expose Apache configuration files. Apache is a widely used web server, and this module checks whether its configuration file can be retrieved over HTTP.

This module has a severity level of low.

Impact

If misconfigurations are present and exposed, attackers may gain access to sensitive information contained within the Apache configuration files. This information can include server settings, directory structures, virtual host configurations, and more. The exposure of such details can potentially aid attackers in planning and executing further attacks on the web server.

How does the module work?

The "Apache Config file disclosure" module works by sending an HTTP GET request to the server, targeting the path "/apache.conf". It then applies matching conditions to the response to determine if the Apache configuration file is exposed.

The matching conditions used in this module are:

- Condition 1: The response body must contain the strings "<Directory" and "</Directory>", and the HTTP status code must be 200.
- Condition 2: The response body must contain the strings "<VirtualHost" and "</VirtualHost>", and the HTTP status code must be 200.

If either of these conditions is met, the module will report a vulnerability related to the exposure of the Apache configuration file.
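The matching logic described above, written out as an added example for auditing a server you administer; this is not Vidoc's own code. The function names, the case-sensitive substring match, and the sample responses are assumptions made for illustration.

```python
import urllib.error
import urllib.request

# The two matching conditions listed above: both tags of a pair must be in the
# body, and the status code must be 200. (Case-sensitive match is an assumption.)
CONDITIONS = {
    "directory": ("<Directory", "</Directory>"),
    "virtualhost": ("<VirtualHost", "</VirtualHost>"),
}


def matched_conditions(status, body):
    """Return the names of the conditions a response satisfies (empty = no finding)."""
    if status != 200:
        return []
    return [name for name, needles in CONDITIONS.items()
            if all(n in body for n in needles)]


def check_own_server(base_url, timeout=5.0):
    """Fetch /apache.conf from a server you administer and evaluate the response."""
    url = base_url.rstrip("/") + "/apache.conf"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx: status is not 200, no finding
        status, body = err.code, ""
    return matched_conditions(status, body)


# Constructed sample responses (not captured from any real server).
EXPOSED = (200, '<VirtualHost *:80>\n  DocumentRoot "/var/www/html"\n'
                '  <Directory "/var/www/html">\n    Require all granted\n'
                '  </Directory>\n</VirtualHost>\n')
DIRECTORY_ONLY = (200, '<Directory "/srv">\n  Options -Indexes\n</Directory>\n')
NOT_FOUND = (404, "<html><body>Not Found</body></html>")
SOFT_200 = (200, "<html><body>Welcome</body></html>")
UNCLOSED = (200, '<Directory "/srv">\n  Options -Indexes\n')
ERROR_ECHO = (403, "<Directory /></Directory>")

if __name__ == "__main__":
    for name, (status, body) in [("exposed", EXPOSED), ("404", NOT_FOUND),
                                 ("soft 200", SOFT_200), ("unclosed", UNCLOSED)]:
        print(name, matched_conditions(status, body))
```

Requiring both the opening and closing tag together with a 200 status keeps custom "not found" pages that return 200 and error pages that echo part of the request from being reported.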

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /apache.conf
Matching conditions
dsl: contains(body, `<Directory`) && contains...
Passive global matcher
No matching conditions.
On match action
Report vulnerability