Exposed HG Directory

By kannthu

Low
Vidoc Module
#config #exposure
Description

What is the "Exposed HG Directory"?

The "Exposed HG Directory" module is designed to detect misconfigurations in the Mercurial (HG) version control system. It targets the ".hg/hgrc" file, which contains configuration settings for the repository. This module has a low severity level and was authored by daffainfo.

Impact

If the ".hg/hgrc" file is exposed, it could potentially reveal sensitive information such as repository paths and default settings. This information could be exploited by attackers to gain unauthorized access or perform other malicious activities.

How does the module work?

The module sends an HTTP GET request to the "/.hg/hgrc" path and checks the response against two conditions: the body must contain both the configuration section "[paths]" and the word "default", and the response status code must be 200 (OK).

By detecting the presence of these conditions, the module identifies if the ".hg/hgrc" file is exposed and potentially misconfigured.

Example HTTP request:

GET /.hg/hgrc

Matching conditions:

- The file must contain the configuration section "[paths]" and the default settings.
- The response status code must be 200 (OK).
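
As an added example (not Vidoc's module code), the Python below applies the same two conditions to responses captured from hosts you operate, then parses the body to see what the "[paths]" section actually discloses. The function names and sample responses are constructed for illustration, and flagging credentials embedded in a path URL is an assumption about what is worth triaging, not something the module does.

```python
import configparser
from urllib.parse import urlsplit

def matches_module(status, body):
    """The module's conditions: status 200 and both words in the body."""
    return status == 200 and "[paths]" in body and "default" in body

def leaked_paths(body):
    """Parse [paths] and summarise what each entry discloses."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(body)
    except configparser.Error:
        return {}  # not an INI-style file, e.g. an HTML error page
    if not parser.has_section("paths"):
        return {}
    findings = {}
    for name, value in parser.items("paths"):
        url = urlsplit(value)
        findings[name] = {"host": url.hostname,
                          "has_credentials": bool(url.username or url.password)}
    return findings

def triage(status, body):
    """Classify a response fetched from /.hg/hgrc on a host you operate."""
    if not matches_module(status, body):
        return "no match"
    paths = leaked_paths(body)
    if not paths:
        return "match, but body is not a parseable hgrc"
    if any(p["has_credentials"] for p in paths.values()):
        return "exposed hgrc, credentials in [paths]"
    return "exposed hgrc"

# Constructed sample responses (status, body); not taken from a real host.
HGRC = "[paths]\ndefault = https://deploy:s3cret@hg.example.internal/shop\n\n[ui]\nusername = Build Bot\n"
SAMPLES = {
    "real hgrc": (200, HGRC),
    "local path": (200, "[paths]\ndefault = /srv/hg/shop\n"),
    "blocked": (403, HGRC),
    "html page": (200, "<html>Edit [paths] to set the default remote.</html>"),
}

if __name__ == "__main__":
    for label, (status, body) in SAMPLES.items():
        print(f"{label:10} -> {triage(status, body)}")
```

The "html page" sample satisfies both word conditions without being an hgrc file, which is why the parse step is useful when confirming a match.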

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.hg/hgrc
Matching conditions
word: [paths], default
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability