Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Database Credentials File Exposure

By kannthu

Low
Vidoc logoVidoc Module
#exposure#database#config#files
Description

What is the "Database Credentials File Exposure?"

The "Database Credentials File Exposure" module is designed to detect the exposure of sensitive database credentials in configuration files. It targets software applications that store database connection details in plain text files, which can pose a security risk if accessed by unauthorized individuals. This module has a low severity level and was authored by Hardik-Solanki.

Impact

If the database credentials file is exposed, it can potentially lead to unauthorized access to the database. Attackers who gain access to these credentials can manipulate or extract sensitive data, compromise the integrity of the database, or even cause a complete system compromise.

How the module works?

The "Database Credentials File Exposure" module works by sending an HTTP GET request to a specific path, typically the location of the database credentials file. It then applies matching conditions to determine if the file contains sensitive information and if the request returns a successful status code (200). The module checks for the presence of variables such as "$DATABASE_USER" and "$DATABASE_PASS" within the file's body. If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /database_credentials.inc

The module uses two matching conditions:

- The first condition checks if the body of the response contains the variables "$DATABASE_USER" and "$DATABASE_PASS". - The second condition verifies that the response status code is 200, indicating a successful request.

By analyzing the response body and status code, the module can identify if the database credentials file is exposed and potentially vulnerable to unauthorized access.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/database_credential...
Matching conditions
word: $DATABASE_USER, $DATABASE_PASSand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability