By kannthu
The "Compressed Backup File" module is a test case designed to detect the presence of compressed backup files on a target website. It focuses on identifying misconfigurations or vulnerabilities related to the exposure of these files. The severity of this module is classified as medium.
This module was authored by toufik-airane, dwisiswant0, and ffffffff0x.
If a compressed backup file is exposed on a website, it can potentially lead to unauthorized access or data leakage. Attackers may exploit these files to gain sensitive information or compromise the security of the website.
The "Compressed Backup File" module operates by sending HTTP requests to the target website and analyzing the responses based on specific matching conditions. It checks for the presence of compressed backup files by examining the response body, headers, and status code.
An example of an HTTP request template used by this module:
GET /{%FILENAME%}.{%EXT%}
The module uses various matching conditions to identify compressed backup files:
- The response body must contain specific binary patterns associated with compressed file formats.
- The response headers must indicate an application type related to compressed files.
- The HTTP status code must be 200, indicating a successful response.

By evaluating these conditions, the module determines whether the target website exposes compressed backup files.
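How the three conditions combine on a single response, as an added example that is not the module's own code. The signature and content-type lists, the function names, and the check at the start of the body are assumptions for illustration; the sample responses are constructed.

```python
# Assumed lists: well-known archive signatures and MIME types, not taken from the module.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\xfd7zXZ\x00": "xz",
}
ARCHIVE_TYPES = {
    "application/zip", "application/gzip", "application/x-gzip",
    "application/x-bzip2", "application/x-7z-compressed",
    "application/x-rar-compressed", "application/x-xz",
    "application/x-tar", "application/octet-stream",
}

def archive_format(body: bytes):
    """Return the archive format whose signature starts the body, else None."""
    for magic, name in MAGIC.items():
        if body.startswith(magic):
            return name
    return None

def evaluate(status: int, headers: dict, body: bytes) -> dict:
    """Evaluate the three conditions; 'match' is true only if all hold."""
    ctype = ""
    for key, value in headers.items():
        if key.lower() == "content-type":
            ctype = value.split(";")[0].strip().lower()
    result = {
        "status_200": status == 200,
        "archive_content_type": ctype in ARCHIVE_TYPES,
        "format": archive_format(body),
    }
    result["match"] = (result["status_200"] and result["archive_content_type"]
                       and result["format"] is not None)
    return result

# Constructed responses: a real archive, a soft-404 page, a mislabeled HTML body.
SAMPLES = {
    "zip": (200, {"Content-Type": "application/zip"}, b"PK\x03\x04\x14\x00"),
    "soft404": (200, {"Content-Type": "text/html; charset=utf-8"}, b"<html>Not found"),
    "mislabeled": (200, {"content-type": "application/zip"}, b"<html>login"),
    "gzip_404": (404, {"Content-Type": "application/gzip"}, b"\x1f\x8b\x08\x00"),
}

def run_samples() -> dict:
    return {name: evaluate(*resp)["match"] for name, resp in SAMPLES.items()}
```

Requiring all three conditions is what keeps a catch-all page that answers 200 for every path from being reported as an exposed backup.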