By kannthu
The "Exposed HG Directory" module is designed to detect misconfigurations in the Mercurial (HG) version control system. It targets the ".hg/hgrc" file, which contains configuration settings for the repository. This module has a low severity level and was authored by daffainfo.
If the ".hg/hgrc" file is exposed, it could potentially reveal sensitive information such as repository paths and default settings. This information could be exploited by attackers to gain unauthorized access or perform other malicious activities.
The module sends an HTTP GET request to the "/.hg/hgrc" path and checks for specific matching conditions. It verifies if the file contains the configuration section "[paths]" and the default settings. The response status code is also checked to ensure it is 200 (OK).
By detecting the presence of these conditions, the module identifies if the ".hg/hgrc" file is exposed and potentially misconfigured.
Example HTTP request:
GET /.hg/hgrc
Matching conditions:
- The file must contain the configuration section "[paths]" and the default settings.
- The response status code must be 200 (OK).
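The two matching conditions above, written as a check a site owner can run against their own deployment. This is an added example, not the module's own code. It assumes "default settings" means a `default` key under `[paths]`; the function names and sample responses are constructed for illustration.

```python
import configparser
import urllib.error
import urllib.request


def hgrc_exposed(status: int, body: str) -> bool:
    """Apply the module's two conditions to a response for GET /.hg/hgrc."""
    if status != 200:
        return False
    # Parse instead of substring-matching, so an HTML error page served with
    # status 200 (soft 404) that merely mentions "[paths]" is not reported.
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True)
    try:
        parser.read_string(body)
    except configparser.Error:
        return False
    # Assumption: "default settings" means a `default` key under [paths].
    return parser.has_option("paths", "default")


def check_site(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch /.hg/hgrc from a site you operate and evaluate the response."""
    url = base_url.rstrip("/") + "/.hg/hgrc"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return hgrc_exposed(resp.status, body)
    except (urllib.error.URLError, OSError):
        return False  # 4xx/5xx or unreachable: nothing exposed at this path


# Constructed sample responses (not captured from any real host).
EXPOSED = "[paths]\ndefault = https://hg.example.internal/project\n\n[ui]\nusername = dev\n"
SOFT_404 = "<html><body>Not found: /.hg/hgrc [paths] default</body></html>"
NO_DEFAULT = "[ui]\nusername = dev\n"

if __name__ == "__main__":
    samples = [("exposed", 200, EXPOSED), ("soft-404", 200, SOFT_404),
               ("no [paths]", 200, NO_DEFAULT), ("forbidden", 403, EXPOSED)]
    for name, status, body in samples:
        print(f"{name}: {hgrc_exposed(status, body)}")
```

A positive result means the web server is serving the repository's metadata directory; denying requests to `/.hg/` at the web server or keeping the repository out of the document root closes the finding.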