By kannthu
The "OPcache Status Exposure" module detects a misconfiguration in which a website's OPcache status page is exposed. OPcache is a caching engine for PHP that improves the performance of PHP applications by storing precompiled script bytecode in shared memory. The module checks whether the OPcache status page is publicly accessible, which could expose sensitive information about the server's configuration.
This module has a low severity level, indicating that the potential impact of the misconfiguration is relatively limited.
This module was authored by pdteam.
If the OPcache status page is exposed to the public, it may reveal sensitive information about the server's configuration. This could include details about the OPcache settings, such as whether it is enabled and the hit rate. Attackers could use this information to gain insight into the server's PHP environment and exploit any vulnerabilities or weaknesses in it.
The "OPcache Status Exposure" module sends HTTP requests to specific paths on the target website, such as "/opcache-status/", "/php-opcache-status/", and "/opcache-status/opcache.php". It uses the GET method to retrieve the content of these pages.
The module then applies matching conditions to the response body to determine whether the OPcache status page is exposed. It looks for specific markers in the returned HTML, such as "opcache_enabled" and "opcache_hit_rate", to identify whether the page contains information about the OPcache status.
If the matching conditions are met, the module reports a potential vulnerability, indicating that the OPcache status page is publicly accessible.
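The check described above can be reproduced against your own hosts with a short script. This is an added example, not the module's own code: the function names are hypothetical, and it assumes that both markers must be present and that only an HTTP 200 response counts as exposed.

```python
"""Self-audit for a publicly reachable OPcache status page (added example)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Paths and body markers are the ones named on this page.
PATHS = ("/opcache-status/", "/php-opcache-status/", "/opcache-status/opcache.php")
MARKERS = ("opcache_enabled", "opcache_hit_rate")


def body_matches(body: str) -> bool:
    # Assumption: every marker must be present, so a page that merely
    # mentions one of the names (documentation, a blog post) is not reported.
    return all(marker in body for marker in MARKERS)


def fetch(url: str, timeout: float = 5.0):
    """GET url and return (status, body); errors are returned, not raised."""
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(1_000_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""          # 401/403/404: the page is not served
    except OSError:
        return None, ""              # DNS failure, refused connection, timeout


def audit(base_url: str, fetcher=fetch) -> list[str]:
    """Return the URLs under base_url that serve an OPcache status page."""
    exposed = []
    for path in PATHS:
        url = urljoin(base_url.rstrip("/") + "/", path.lstrip("/"))
        status, body = fetcher(url)
        # Assumption: only a 200 response counts as exposed.
        if status == 200 and body_matches(body):
            exposed.append(url)
    return exposed


if __name__ == "__main__":
    import sys
    # Usage: python opcache_audit.py https://your-own-host.example
    for base in sys.argv[1:]:
        for hit in audit(base):
            print("exposed:", hit)
```

An empty result from outside your network, after access to these paths has been restricted, confirms the status page is no longer publicly served.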