Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Pantheon upstream.yml Disclosure" module is designed to detect misconfigurations in the Pantheon YAML configuration files. Pantheon is a web development platform that provides hosting and management services for Drupal and WordPress websites. This module focuses on the "pantheon.upstream.yml" file, which contains important configuration settings for a Pantheon site.
This module has a low severity level, indicating that the detected misconfigurations may not pose a significant risk but should still be addressed to ensure the security and proper functioning of the Pantheon site.
This module was authored by DhiyaneshDK.
If misconfigurations are found in the Pantheon YAML configuration files, sensitive information may be exposed. This can include database credentials and protected web paths, which could potentially be exploited by malicious actors to gain unauthorized access to the site or its resources.
The "Pantheon upstream.yml Disclosure" module works by sending an HTTP GET request to the "/pantheon.upstream.yml" path of the target website. It then applies matching conditions to determine if misconfigurations are present.
Matching conditions:
- The response body must contain the words "database:" and "protected_web_paths:". - The HTTP status code must be 200 (OK).If both conditions are met, the module reports a vulnerability, indicating that misconfigurations in the Pantheon YAML configuration files have been detected.
For more information, you can refer to the Pantheon YAML documentation.
Metadata:
verified: true
google-query: intitle:"index of" "pantheon.upstream.yml"