Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Discover db schema files

By kannthu

Informative
Vidoc logoVidoc Module
#exposure#backup#files
Description

What is "Discover db schema files?"

The "Discover db schema files" module is designed to detect the presence of database schema files in a web application. It targets the software's database schema file, which is typically auto-generated from the current state of the database. This module is informative in terms of severity and was authored by geeknik.

Impact

This module does not have a direct impact on the security of the web application. However, the presence of exposed database schema files can potentially provide valuable information to attackers, such as the structure of the database and the relationships between tables. This information can be used to plan further attacks or exploit any misconfigurations in the database.

How does the module work?

The "Discover db schema files" module works by sending HTTP requests to specific paths commonly associated with database schema files, such as "/db/schema.rb", "/database/schema.rb", and "/schema.rb". It then applies matching conditions to determine if the response indicates the presence of a database schema file.

For example, one of the matching conditions checks if the response status is 200, indicating a successful request. Additionally, the module looks for specific words in the response body, such as "This file is auto-generated from the current state of the database." and "ActiveRecord::Schema.define". If both the status and word conditions are met, the module considers the presence of a database schema file as detected.

By scanning for exposed database schema files, this module helps identify potential security risks and allows administrators to take appropriate measures to secure their web applications.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/db/schema.rb/database/schema.rb/schema.rb
Matching conditions
word: This file is auto-generated from the cur...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability