Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Clockwork PHP page exposure

By kannthu

High
Vidoc logoVidoc Module
#tech#clockwork
Description

What is the "Clockwork PHP page exposure?"

The "Clockwork PHP page exposure" module is designed to detect a specific misconfiguration in Clockwork, a PHP debugging and profiling tool. This module focuses on identifying instances where the Clockwork application page is exposed and accessible.

This module targets the Clockwork PHP library, which is commonly used by developers for debugging and profiling PHP applications. It helps developers analyze and optimize their code by providing detailed information about the application's performance, database queries, and more.

The severity of this module is classified as high, indicating that the misconfiguration it detects can potentially expose sensitive information and pose a security risk.

Impact

If the Clockwork PHP page is exposed and accessible, it can potentially expose sensitive information about the application, including database queries, request data, and other debugging information. This can be exploited by attackers to gain insights into the application's structure and potentially identify vulnerabilities or sensitive data.

How the module works?

The "Clockwork PHP page exposure" module works by sending a specific HTTP request to the target application and analyzing the response. It uses matching conditions to determine if the Clockwork application page is exposed.

One example of a matching condition is checking the HTTP response status code, which should be 200 indicating a successful response. Additionally, the module checks for specific HTML elements in the response body, such as the presence of the "" and "" tags.

If both the status code and the HTML elements match the expected values, the module identifies the misconfiguration and reports it as a potential vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/__clockwork/app
Matching conditions
status: 200and
word: <title>Clockwork</title>, <html ng-app="...
Passive global matcher
No matching conditions.
On match action
Report vulnerability