Clockwork Dashboard Exposure

By kannthu

High
Vidoc Module
#exposure #unauth
Description

What is the "Clockwork Dashboard Exposure" module?

The "Clockwork Dashboard Exposure" module is designed to detect potential security vulnerabilities in the Clockwork dashboard. Clockwork is a software tool used for debugging and profiling PHP applications. This module focuses on identifying misconfigurations or vulnerabilities that could expose sensitive information or allow unauthorized access to the dashboard.

This module has a severity level of high, indicating that the identified vulnerabilities could have a significant impact on the security of the application.

This module was authored by dhiyaneshDk.

Impact

If the "Clockwork Dashboard Exposure" module detects a vulnerability, it means that an attacker may be able to gain unauthorized access to the Clockwork dashboard. This could potentially lead to the exposure of sensitive information or allow the attacker to manipulate the application's debugging and profiling features for malicious purposes.

How does the module work?

The "Clockwork Dashboard Exposure" module works by sending an HTTP GET request to the "/__clockwork/latest" endpoint of the target application. It then applies matching conditions to the response to determine if any vulnerabilities or misconfigurations are present.

The matching conditions used by this module include:

- Checking if the response body contains specific keywords such as "id", "version", "method", "url", and "time".
- Verifying if the response headers include the "application/json" content type.

If both of these conditions are met, the module will report a potential vulnerability.

Here is an example of the HTTP request sent by the module:

GET /__clockwork/latest

Please note that this is a simplified example, and the actual request may include additional headers or parameters.

For more information about this module, you can refer to the module's GitHub repository.

The maximum number of requests that this module will send is 1.
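
The two matching conditions above can be reproduced as a small check for auditing your own deployments. This is an added example, not the module's own code: the function names, the constructed sample responses, the exact '"time":' word and the stricter JSON-parsing step (which goes beyond the module's substring match to weed out unrelated JSON that merely contains the same key names) are assumptions.

```python
import json
import urllib.error
import urllib.request

PROBE_PATH = "/__clockwork/latest"
KEYS = ("id", "version", "method", "url", "time")
# Body words as quoted-key substrings; '"time":' is assumed from the prose,
# because the module preview truncates the fifth word.
BODY_WORDS = tuple(f'"{k}":' for k in KEYS)

# Constructed sample responses (not captured from any real host).
JSON_CT = {"Content-Type": "application/json; charset=utf-8"}
SAMPLE_EXPOSED = '{"id":"1700000000-0001","version":1,"time":1700000000.5,"method":"GET","url":"/login"}'
SAMPLE_NESTED = '{"data":{"id":7,"version":"2","method":"card","url":"/pay","time":3}}'


def module_match(headers, body):
    """Both conditions from the page, ANDed: all body words and a JSON content type."""
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    return all(w in body for w in BODY_WORDS) and "application/json" in ctype.lower()


def confirmed(headers, body):
    """Stricter added check: the keys must be top-level members of one JSON object."""
    if not module_match(headers, body):
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and all(k in doc for k in KEYS)


def probe(base_url, timeout=5):
    """Send the single GET request and classify the response."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + PROBE_PATH, timeout=timeout) as resp:
            headers = dict(resp.headers.items())
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        # Non-2xx is treated as "not served" here (an assumption; the page lists no status condition).
        return "not-exposed"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    if confirmed(headers, body):
        return "exposed"
    return "needs-review" if module_match(headers, body) else "not-exposed"
```

A "needs-review" result means the substring conditions matched but the body is not a flat object with those keys, which is the typical shape of a false positive for this kind of word matcher.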

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /__clockwork/latest
Matching conditions
word: "id":, "version":, "method":, "url":, "t...
and
word: application/json
Passive global matcher
No matching conditions.
On match action
Report vulnerability