By kannthu
The "Parameters.yml - File Discovery" module is designed to detect misconfigurations in the parameters.yml file of a software application. It targets the parameters.yml file, which is commonly used in Symfony-based applications for storing configuration parameters.
This module has a high severity level, indicating that the misconfiguration it detects can potentially lead to security vulnerabilities.
This module was authored by DhiyaneshDK.
If the parameters.yml file is misconfigured, it can expose sensitive information such as database credentials. This can lead to unauthorized access to the application's database, potentially compromising the confidentiality and integrity of the data stored within.
The "Parameters.yml - File Discovery" module works by sending HTTP requests to specific paths where the parameters.yml file is commonly located. It then applies matching conditions to determine if the file contains certain keywords and if the HTTP response status is 200 (OK).
For example, one of the HTTP requests sent by this module could be:
GET /parameters.yml
The module applies the following matching conditions:
- The file must contain the keywords "parameters:", "database_user", and "database_password".
- The HTTP response status must be 200 (OK).

If both conditions are met, the module reports a vulnerability.
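The two matching conditions above, evaluated offline over constructed responses, as an added example that is not the module's own code. The names `matches_module`, `exposed_keys` and `triage` are hypothetical, and the key listing (names only, never values) goes beyond the module's matchers so that a finding can be reported without copying credentials into a ticket.

```python
# Added example (not the module's code): apply the page's two matching conditions offline.
REQUIRED_KEYWORDS = ("parameters:", "database_user", "database_password")

def matches_module(status, body):
    """Both conditions from the page: status 200 AND every keyword present."""
    return status == 200 and all(k in body for k in REQUIRED_KEYWORDS)

def exposed_keys(body):
    """Return key names nested under top-level 'parameters:', dropping their values."""
    keys, in_params = [], False
    for line in body.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and YAML comments
        if not line[0].isspace():
            # A new top-level key starts or ends the parameters block.
            in_params = stripped == "parameters:"
            continue
        if in_params and ":" in stripped:
            keys.append(stripped.split(":", 1)[0].strip())
    return keys

def triage(status, body):
    """Report a finding with key names only, so secrets never reach the report."""
    hit = matches_module(status, body)
    return {"finding": hit, "keys": exposed_keys(body) if hit else []}

# Constructed sample responses (status, body); none come from a real host.
SAMPLES = {
    "exposed": (200, "parameters:\n    database_host: 127.0.0.1\n    database_user: app\n    database_password: CONSTRUCTED\n    secret: CONSTRUCTED\n"),
    "soft_404": (200, "<html><body>Page not found</body></html>"),
    "forbidden": (403, "parameters:\n    database_user: app\n    database_password: x\n"),
    "partial": (200, "parameters:\n    locale: en\n"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, triage(status, body))
```

Only the `exposed` sample is reported; the soft-404 page, the non-200 response and the file without database keys each fail one of the two conditions.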
For more information, you can refer to the exploit-db website.
Metadata:
verified: true
shodan-query: html:"parameters.yml"