Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

db.xml File Exposure

By kannthu

Medium
Vidoc logoVidoc Module
#misconfig#db#files#exposure
Description

What is the "db.xml File Exposure?"

The "db.xml File Exposure" module is designed to detect misconfigurations in the target software. It specifically targets the exposure of the "db.xml" file. This module has a medium severity level and was authored by tess.

Impact

If the "db.xml" file is exposed, it may lead to the disclosure of sensitive information such as the server name, database password, and database type. This can potentially be exploited by attackers to gain unauthorized access to the database and compromise the security of the system.

How the module works?

The module works by sending a GET request to the "/db.xml" path of the target. It then applies matching conditions to determine if the exposed file contains specific sensitive information. The matching conditions include checking for the presence of "", "", and "" in the response body, as well as verifying that the response status is 200.

Example HTTP request:

GET /db.xml

The module matches the conditions if all the specified words are found in the response body and the response status is 200. If a match is found, the module reports the vulnerability.

Note: The actual JSON definitions of the module are not shown here for simplicity.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/db.xml
Matching conditions
word: <ServerName>, <DBPASS>, <DBtype>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability