By kannthu
The "db.xml File Exposure" module is designed to detect misconfigurations in the target software. It specifically targets the exposure of the "db.xml" file. This module has a medium severity level and was authored by tess.
If the "db.xml" file is exposed, it may lead to the disclosure of sensitive information such as the server name, database password, and database type. This can potentially be exploited by attackers to gain unauthorized access to the database and compromise the security of the system.
The module works by sending a GET request to the "/db.xml" path of the target. It then applies matching conditions to determine if the exposed file contains specific sensitive information. The matching conditions include checking for the presence of "", "", and "" in the response body, as well as verifying that the response status is 200.
Example HTTP request:
GET /db.xml
The conditions are combined with AND: the module matches only if all the specified words are found in the response body and the response status is 200. If a match is found, the module reports the vulnerability.
Note: The actual JSON definitions of the module are not shown here for simplicity.
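The matching logic described above, written as an added Python example (not the module's own definition) for checking a host you administer. The marker strings are placeholders because the page does not show the module's actual words; the function names and sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

# Placeholder markers: the page does not show the module's actual words,
# so these are constructed stand-ins, not the module's values.
MARKERS = ("<PLACEHOLDER_A>", "<PLACEHOLDER_B>", "<PLACEHOLDER_C>")


def is_exposed(status, body, markers=MARKERS):
    """AND condition from the text: status 200 and every marker in the body."""
    return status == 200 and all(m in body for m in markers)


def fetch_db_xml(base_url, timeout=5):
    """GET <base_url>/db.xml on a host you administer; return (status, body)."""
    url = base_url.rstrip("/") + "/db.xml"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; a 403 or 404 here means the file is not served.
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (status, body); none come from a real server.
SAMPLES = {
    "exposed": (200, "<cfg><PLACEHOLDER_A>a</PLACEHOLDER_A>"
                     "<PLACEHOLDER_B>b</PLACEHOLDER_B>"
                     "<PLACEHOLDER_C>c</PLACEHOLDER_C></cfg>"),
    # Soft 404: the server answers 200 with a generic error page.
    "soft_404": (200, "<html><body>Page not found</body></html>"),
    # Only two of the three markers are present, so the AND condition fails.
    "partial": (200, "<cfg><PLACEHOLDER_A>a</PLACEHOLDER_A>"
                     "<PLACEHOLDER_B>b</PLACEHOLDER_B></cfg>"),
    # Access is denied by the server, which is the desired state.
    "blocked": (403, "Forbidden"),
}


def classify_samples():
    """Apply the match rule to each constructed response."""
    return {name: is_exposed(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, matched in classify_samples().items():
        print(f"{name}: {'MATCH' if matched else 'no match'}")
```

Requiring every marker in addition to the 200 status is what keeps a soft-404 page from being reported as an exposure.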