Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Common Error Log Files" module is a test case designed to detect the presence of common error log files on a target website. It focuses on identifying potential misconfigurations or vulnerabilities related to error logging. This module targets websites that use error log files to track and record errors that occur during the operation of the website. The severity of this module is classified as low, indicating that the identified issues may have a limited impact on the security of the website. The original author of this module is not specified.
If the "Common Error Log Files" module detects the presence of error log files, it indicates that the website may have misconfigurations or vulnerabilities related to error logging. These issues can potentially expose sensitive information, such as error messages, stack traces, or other debugging information, to attackers. This information can be leveraged by attackers to gain insights into the website's infrastructure, identify potential weaknesses, or launch targeted attacks.
The "Common Error Log Files" module works by sending HTTP requests to specific paths on the target website. It checks for the presence of common error log files, such as "/php_errors.log" or "/error.log", among others. The module also includes matching conditions to identify potential indicators of misconfigurations or vulnerabilities related to error logging.
These matching conditions include:
- Checking for specific words in the response body, such as "Segmentation Fault," "coredump," "script headers," "Broken pipe," "Array," "Exception," "Fatal," or "FastCGI sent in stderr." If any of these words are found, it indicates the presence of potential error-related issues. - Checking for specific words in the response headers, such as "text/plain" or "application/octet-stream." If any of these words are found, it suggests that the response may contain error-related information. - Verifying that the HTTP response status code is 200, indicating a successful request. This condition ensures that the module only considers valid responses for further analysis.By combining these matching conditions, the module can identify potential misconfigurations or vulnerabilities related to error logging on the target website.