By kannthu
The "Cargo TOML File Disclosure" module detects an exposed Cargo.toml file in a Rust project. Cargo.toml is the configuration file (the manifest) used by Cargo, the Rust package manager.
The severity of this module is classified as informative, meaning a finding provides valuable information but does not by itself indicate a direct vulnerability or misconfiguration.
This module was authored by DhiyaneshDk.
The exposure of the Cargo.toml file can potentially reveal sensitive information about the project, such as package dependencies and other metadata. This information could be useful for attackers to gain insights into the project's structure and potentially exploit any vulnerabilities.
The "Cargo TOML File Disclosure" module works by sending an HTTP GET request to the "/Cargo.toml" path of the target. It then applies matching conditions to determine if the Cargo.toml file is exposed and contains specific keywords.
An example of the HTTP request sent by this module:
GET /Cargo.toml
The module uses the following matching conditions:
- The response body must contain the keywords "[package]" and "[dependencies]".
- The response status code must be 200 (OK).

If both matching conditions are met, the module identifies the Cargo.toml file as exposed and reports it as a potential vulnerability.
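The two matching conditions can be reproduced offline when triaging a finding on your own deployment. The following is an added example, not the module's own code: it applies both conditions to an already-fetched response and lists which manifest fields the file discloses. The function names and the sample responses are assumptions constructed for illustration.

```python
# Added example: the module's matching conditions applied to a response that
# has already been fetched, plus a summary of what the file discloses.
# All sample data below is constructed.
REQUIRED_KEYWORDS = ("[package]", "[dependencies]")  # keywords named by the module

SAMPLE_EXPOSED = """[package]
name = "example-service"
version = "0.1.0"

[dependencies]
serde = "1.0"
tokio = { version = "1", features = ["full"] }
"""
SAMPLE_SOFT_404 = "<html><body>Page not found</body></html>"  # 200 with an error page


def cargo_toml_exposed(status_code, body):
    """True only when both conditions hold: status 200 and both keywords present."""
    return status_code == 200 and all(k in body for k in REQUIRED_KEYWORDS)


def disclosed_fields(body):
    """Collect [package] keys and dependency names from a manifest.
    Minimal line-based reader for triage, not a full TOML parser."""
    section = None
    found = {"package": {}, "dependencies": []}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            # A [dependencies.<name>] table also names a dependency.
            if section.startswith("dependencies."):
                found["dependencies"].append(section.split(".", 1)[1])
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if section == "package":
            found["package"][key] = value.strip('"')
        elif section == "dependencies":
            found["dependencies"].append(key)
    return found


if __name__ == "__main__":
    for status, body in [(200, SAMPLE_EXPOSED), (200, SAMPLE_SOFT_404), (404, SAMPLE_EXPOSED)]:
        print(status, cargo_toml_exposed(status, body))
    print(disclosed_fields(SAMPLE_EXPOSED))
```

The keyword condition is what keeps a 200 response carrying a generic error page from being reported as an exposed manifest.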
For more information about the Cargo.toml file and its structure, refer to the official Rust documentation.
Metadata:
- Verified: true
- Shodan query: html:"Cargo.toml"