
Laravel Debug Method Enabled

By kannthu

Severity: Medium
Vidoc Module
#debug #laravel
Description

What is the "Laravel Debug Method Enabled" module?

The "Laravel Debug Method Enabled" module is a test case designed to detect misconfigurations in Laravel applications. It targets the Laravel framework, which is a popular PHP framework used for web application development. The severity of this module is classified as medium.

Author: dhiyaneshDK

Impact

This module aims to identify if the Laravel debug mode is enabled. When debug mode is enabled, detailed error messages are displayed, which can potentially expose sensitive information about the application's configuration and code. This information can be exploited by attackers to gain unauthorized access or launch further attacks on the application.

How does the module work?

The "Laravel Debug Method Enabled" module works by sending HTTP requests to the target application and analyzing the responses for specific conditions. It uses matching conditions to identify if the application returns an error message containing the phrase "Whoops! There was an error" and if the HTTP status code is 500 (Internal Server Error).

By detecting these conditions, the module can determine if the Laravel debug mode is enabled. If the conditions are met, it indicates a potential misconfiguration that should be addressed to enhance the security of the application.

Example HTTP request:

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

The module matches the response against the following conditions:

- The response body contains the phrase "Whoops! There was an error".
- The HTTP status code is 500 (Internal Server Error).

If both conditions are met, the module reports that the Laravel debug mode is enabled and suggests taking appropriate actions to disable it in order to mitigate potential security risks.

Module preview

Concurrent Requests (0)
Passive global matcher
word: Whoops! There was an error
and
status: 500
On match action
Report vulnerability
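The following Python script is an added example (not the module's own code or part of the Vidoc project) that re-implements the two matchers described above and in the module preview: the response status must be 500 and the body must contain the Whoops phrase, combined with "and". It parses a raw HTTP/1.1 response and runs the check over three constructed sample responses, showing why both conditions are required. The `SAMPLES` dictionary and all function names are assumptions made for this example; no response was captured from a real host.

```python
"""Added example: Laravel debug-page matcher (status 500 AND body phrase)."""
from dataclasses import dataclass
from typing import Dict

# Matcher values taken from the module preview above.
PHRASE = "Whoops! There was an error"
STATUS = 500


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]
    body: str


def parse_http_response(raw: str) -> HttpResponse:
    """Parse a raw HTTP/1.1 response: status line, header lines, blank line, body.

    Both CRLF and bare LF line endings are accepted.
    """
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed header lines rather than failing the scan
            headers[name.strip().lower()] = value.strip()
    return HttpResponse(int(parts[1]), headers, body)


def laravel_debug_enabled(resp: HttpResponse) -> bool:
    """Report a match only when BOTH matchers hold, as the module's 'and' requires."""
    return resp.status == STATUS and PHRASE in resp.body


# Constructed sample responses (hypothetical; not real captures).
SAMPLES = {
    # Debug page on a 500: both matchers hold -> finding.
    "debug_on": (
        "HTTP/1.1 500 Internal Server Error\r\n"
        "Content-Type: text/html; charset=UTF-8\r\n"
        "\r\n"
        "<html><head><title>Whoops! There was an error.</title></head>"
        "<body>ErrorException in routes/web.php line 12</body></html>"
    ),
    # Generic production error page: status matches, phrase does not -> no finding.
    "prod_500": (
        "HTTP/1.1 500 Internal Server Error\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><body><h1>Server Error</h1></body></html>"
    ),
    # Phrase appears in ordinary content with a 200: status fails -> no finding.
    "phrase_200": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><body><p>Our blog post about the 'Whoops! There was an error' page.</p></body></html>"
    ),
}


def scan(samples: Dict[str, str]) -> Dict[str, bool]:
    """Apply the matcher to every sample and return name -> matched."""
    return {name: laravel_debug_enabled(parse_http_response(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, matched in scan(SAMPLES).items():
        print("%-10s -> %s" % (name, "Laravel debug mode enabled" if matched else "no match"))
```

The third sample is the reason the module combines the matchers with "and" rather than "or": the phrase alone can appear in legitimate page content, and a 500 alone is just an error. On the remediation side, the debug page is controlled by `APP_DEBUG` in the application's `.env` file (read by `config/app.php`), which should be `false` outside local development. Note also that newer Laravel releases ship a different default debug page (Ignition), so a non-match from this check does not by itself prove that debug mode is off.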