
Build Properties File Exposure

By kannthu

Informative
Vidoc Module
#exposure #config #files
Description

What is "Build Properties File Exposure"?

The "Build Properties File Exposure" module is designed to detect misconfigurations in the build.properties file of a software application. It targets applications that use this specific configuration file to store important build-related properties. This module has an informative severity level and was authored by DhiyaneshDk.

Impact

If the build.properties file is exposed, it can potentially reveal sensitive information about the application's build process, such as version numbers, file paths, and other configuration details. This information could be exploited by attackers to gain insights into the application's infrastructure and potentially launch further attacks.

How does the module work?

The "Build Properties File Exposure" module works by sending HTTP requests to specific paths where the build.properties file might be located. It then applies matching conditions to determine if the file is exposed. For example, it checks if the response body contains specific words, such as "manpages.8" and "manpages.1". Additionally, it verifies that the HTTP response status is 200, indicating a successful request.

Here is an example of an HTTP request sent by the module:

GET /build.properties

The module matches the response against the following conditions:

- The response body must contain the words "manpages.8" and "manpages.1".
- The HTTP response status must be 200.

If both conditions are met, the module reports a vulnerability related to the exposure of the build.properties file.
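The two matching conditions can be reproduced offline against responses captured from your own servers, which helps separate a real exposure from a soft-404 page that also returns 200. The following is an added example, not the Vidoc module's code: the function names are hypothetical, the sample responses are constructed, and the key listing assumes `key = value` lines with backslash continuation, as the `manpages.8 = \` matcher word in the module preview suggests.

```python
# Added example (not the Vidoc module's code): the matching conditions described
# above, applied offline to captured responses. All sample data is constructed.

REQUIRED_WORDS = ("manpages.8", "manpages.1")  # words named in the module text


def matches_module(status, body):
    """True only when the status is 200 AND every required word is in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def exposed_keys(body):
    """List the property keys a matched body discloses (for triage).

    Assumes 'key = value' lines where a trailing backslash continues the value
    on the next line, as the 'manpages.8 = \\' matcher word suggests.
    """
    keys, continuing = [], False
    for raw in body.splitlines():
        line = raw.strip()
        if continuing:                      # still inside a multi-line value
            continuing = line.endswith("\\")
            continue
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue                        # blank, comment, or not a property
        keys.append(line.split("=", 1)[0].strip())
        continuing = line.endswith("\\")
    return keys


# Constructed responses: (status, body)
EXPOSED = (200, "# build settings\nversion = 1.0\n"
                "manpages.8 = \\\n  a.8 \\\n  b.8\nmanpages.1 = \\\n  c.1\n")
SOFT_404 = (200, "<html><body>Page not found</body></html>")  # 200 but no words
FORBIDDEN = (403, "manpages.8 = \\\nmanpages.1 = \\\n")        # words but not 200
PARTIAL = (200, "manpages.8 = \\\n  a.8\n")                    # only one word

if __name__ == "__main__":
    for name, (status, body) in [("exposed", EXPOSED), ("soft-404", SOFT_404),
                                 ("forbidden", FORBIDDEN), ("partial", PARTIAL)]:
        hit = matches_module(status, body)
        print(name, "MATCH" if hit else "no match",
              exposed_keys(body) if hit else "")
```

Only the first constructed response satisfies both conditions; the key list it produces shows a reviewer what the file would disclose.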

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /build.properties, /build/build.propert..., /manual/style/build....
Matching conditions
word: manpages.8 = \, manpages.1 = \ (condition: and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability