Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Common Error Log Files

By kannthu

Low
Vidoc logoVidoc Module
#logs#exposure#error
Description

What is the "Common Error Log Files" module?

The "Common Error Log Files" module is a test case designed to detect the presence of common error log files on a target website. It focuses on identifying potential misconfigurations or vulnerabilities related to error logging. This module targets websites that use error log files to track and record errors that occur during the operation of the website. The severity of this module is classified as low, indicating that the identified issues may have a limited impact on the security of the website. The original author of this module is not specified.

Impact

If the "Common Error Log Files" module detects the presence of error log files, it indicates that the website may have misconfigurations or vulnerabilities related to error logging. These issues can potentially expose sensitive information, such as error messages, stack traces, or other debugging information, to attackers. This information can be leveraged by attackers to gain insights into the website's infrastructure, identify potential weaknesses, or launch targeted attacks.

How the module works?

The "Common Error Log Files" module works by sending HTTP requests to specific paths on the target website. It checks for the presence of common error log files, such as "/php_errors.log" or "/error.log", among others. The module also includes matching conditions to identify potential indicators of misconfigurations or vulnerabilities related to error logging.

These matching conditions include:

- Checking for specific words in the response body, such as "Segmentation Fault," "coredump," "script headers," "Broken pipe," "Array," "Exception," "Fatal," or "FastCGI sent in stderr." If any of these words are found, it indicates the presence of potential error-related issues. - Checking for specific words in the response headers, such as "text/plain" or "application/octet-stream." If any of these words are found, it suggests that the response may contain error-related information. - Verifying that the HTTP response status code is 200, indicating a successful request. This condition ensures that the module only considers valid responses for further analysis.

By combining these matching conditions, the module can identify potential misconfigurations or vulnerabilities related to error logging on the target website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/php_errors.log/MyErrors.log/admin/error.log(+26 paths)
Matching conditions
word: Segmentation Fault, coredump, script hea...and
word: text/plain, application/octet-streamand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability