Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Codeigniter - .env File Discovery

By kannthu

High
Vidoc logoVidoc Module
#config#exposure#codeigniter
Description

What is "Codeigniter - .env File Discovery"?

The "Codeigniter - .env File Discovery" module is designed to detect the presence of a .env file in Codeigniter applications. Codeigniter is a popular PHP framework used for developing web applications. This module focuses on identifying potential misconfigurations related to the exposure of sensitive configuration files.

This module has a severity level of high, indicating that the discovery of a .env file could potentially lead to security vulnerabilities.

Author: emenalf

Impact

If a .env file is exposed, it may contain sensitive information such as database credentials, API keys, and other configuration settings. Unauthorized access to this file could lead to unauthorized access to the application's resources, data breaches, and other security risks.

How does the module work?

The module sends HTTP requests to various paths commonly used for storing .env files, such as "/.env", "/.env.dev.local", "/.env.development.local", and others. It then applies matching conditions to determine if the file is present and if it contains specific patterns related to sensitive information.

For example, the module uses regular expressions to match patterns like "^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWORD)" and "^DB_(HOST|PASSWORD|DATABASE)" within the .env file. If any of these patterns are found, it indicates the presence of sensitive configuration settings.

An example HTTP request sent by the module:

GET /.env

The module expects a response with a status code of 200, indicating that the .env file exists and is accessible.

By performing these checks, the module helps identify potential misconfigurations that could expose sensitive information in Codeigniter applications.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/.env/.env.dev.local/.env.development.lo...(+9 paths)
Matching conditions
regex: (?m)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWOR...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability