PHP CLI Server Stack Trace

By kannthu

Informative
Vidoc Module
#misconfig #phpcli
Description

What is the "PHP CLI Server Stack Trace?" module?

The "PHP CLI Server Stack Trace" module is a test case designed to detect misconfigurations in PHP CLI servers. It targets servers that return a 404 Not Found error when a random PHP file is requested. The module has an informative severity level and was authored by DhiyaneshDk.

Impact

This module does not have a direct impact on the target system. It is used to identify potential misconfigurations in PHP CLI servers, which could indicate security vulnerabilities or issues with the server setup.

How does the module work?

The "PHP CLI Server Stack Trace" module sends a GET request to the target server with a randomly generated PHP file path. It then checks the response for specific conditions to determine if a misconfiguration exists.

The module's matching conditions include:

- The response body must contain the string "/{{randstr}}.php.* this server."
- The response must have a "text/html" content type header
- The response status code must be 404

If all of these conditions are met, the module reports a potential misconfiguration in the PHP CLI server.
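The three conditions above, applied to already-captured responses so you can see which one decides a match. This is an added example, not Vidoc's module code; `Response`, `evaluate`, `random_name` and the sample responses are hypothetical names and constructed data, with the 404 body shaped to fit the module's regex.

```python
import re
import secrets
import string
from dataclasses import dataclass, field


def random_name(length=12):
    """Random alphanumeric file name, so the requested path cannot exist."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate(resp, randstr):
    """Return each condition's result plus 'match', the AND of all three."""
    # The random name is regex-escaped and the literal dots are escaped too,
    # which is slightly stricter than the pattern shown in the module preview.
    pattern = re.compile(r"<code.*>/" + re.escape(randstr) + r"\.php.* this server\.")
    # Header names are case-insensitive, so look the header up that way.
    ctype = next((v for k, v in resp.headers.items() if k.lower() == "content-type"), "")
    results = {
        "body_regex": bool(pattern.search(resp.body)),
        "content_type": "text/html" in ctype.lower(),
        "status_404": resp.status == 404,
    }
    results["match"] = all(results.values())
    return results


def sample_responses(randstr):
    """Constructed samples: a page echoing the path, a generic 404, a 200 echo."""
    echo = (f'<p>The requested resource <code class="url">/{randstr}.php</code> '
            "was not found on this server.</p>")
    return {
        "echoing_404": Response(404, {"Content-Type": "text/html; charset=UTF-8"}, echo),
        "generic_404": Response(404, {"content-type": "text/html"}, "<h1>404 Not Found</h1>"),
        "echoing_200": Response(200, {"Content-Type": "text/html"}, echo),
    }


if __name__ == "__main__":
    name = random_name()
    for label, resp in sample_responses(name).items():
        print(label, evaluate(resp, name))
```

Only the first sample matches: the generic 404 fails the body regex, and the 200 response fails the status check even though its body echoes the path.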

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /{%randTextAlphanume...

Matching conditions

- regex: <code.*>/{{randstr}}.php.* this server.,... and
- word: text/html and
- status: 404

Passive global matcher

No matching conditions.

On match action

Report vulnerability