By kannthu
The "Build Properties File Exposure" module is designed to detect misconfigurations in the build.properties file of a software application. It targets applications that use this specific configuration file to store important build-related properties. This module has an informative severity level and was authored by DhiyaneshDk.
If the build.properties file is exposed, it can reveal sensitive information about the application's build process, such as version numbers, file paths, and other configuration details. Attackers could use this information to gain insight into the application's infrastructure and potentially launch further attacks.
The "Build Properties File Exposure" module works by sending HTTP requests to specific paths where the build.properties file might be located. It then applies matching conditions to determine if the file is exposed. For example, it checks if the response body contains specific words, such as "manpages.8" and "manpages.1". Additionally, it verifies that the HTTP response status is 200, indicating a successful request.
Here is an example of an HTTP request sent by the module:
GET /build.properties
The module matches the response against the following conditions:
- The response body must contain the words "manpages.8" and "manpages.1".
- The HTTP response status must be 200.

If both conditions are met, the module reports a vulnerability related to the exposure of the build.properties file.
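The two conditions are combined with AND, which is what keeps a custom "not found" page served with status 200 from being reported. The following is an added example, not the module's own code: it re-implements the matching logic over constructed responses, and the `exposed_keys` triage helper and all sample data are assumptions made for illustration.

```python
import re

REQUIRED_WORDS = ("manpages.8", "manpages.1")  # the two words named on this page


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line")
    return int(parts[1]), body.decode("utf-8", errors="replace")


def is_exposed(raw: bytes) -> bool:
    """Both conditions must hold: status 200 AND every required word in the body."""
    status, body = parse_response(raw)
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def exposed_keys(raw: bytes):
    """Triage helper (an addition, not part of the module): property keys in a match."""
    if not is_exposed(raw):
        return []
    keys = []
    for line in parse_response(raw)[1].splitlines():
        line = line.strip()
        if line and line[0] not in "#!":  # skip blanks and .properties comments
            keys.append(re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)[0])
    return keys


def _resp(status: str, body: str) -> bytes:
    """Build a constructed raw response for the samples below."""
    return f"HTTP/1.1 {status}\r\nContent-Type: text/plain\r\n\r\n{body}".encode()


# Constructed sample responses, not captured from any real host.
EXPOSED = _resp("200 OK", "# build settings\nversion=0.0.0-example\n"
                          "manpages.1=doc/tool.1\nmanpages.8 = doc/toold.8\n")
SOFT_404 = _resp("200 OK", "<html><body>Page not found</body></html>")
FORBIDDEN = _resp("403 Forbidden", "manpages.1 manpages.8")
ONE_WORD = _resp("200 OK", "manpages.1=doc/tool.1\n")

if __name__ == "__main__":
    for name in ("EXPOSED", "SOFT_404", "FORBIDDEN", "ONE_WORD"):
        print(name, is_exposed(globals()[name]))
    print(exposed_keys(EXPOSED))
```

Listing the keys of a matching response lets the owner of the host see which build details were readable before access to the file is restricted.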