Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PHP source disclosure through backup files

By kannthu

Medium
Vidoc logoVidoc Module
#exposure#backup#php#disclosure
Description

What is the "PHP source disclosure through backup files?" module?

The "PHP source disclosure through backup files" module is designed to detect the presence of backup files that may contain sensitive PHP source code. It targets websites or applications that use PHP as their programming language. This module helps identify potential security vulnerabilities that could lead to the exposure of sensitive information.

This module is created by an unknown author.

Impact

If backup files containing PHP source code are accessible to unauthorized users, it can lead to the disclosure of sensitive information, such as database credentials, API keys, or other sensitive data. This can potentially be exploited by attackers to gain unauthorized access to the system or perform other malicious activities.

How does the module work?

The "PHP source disclosure through backup files" module works by sending HTTP requests to specific file paths commonly used for storing configuration files in PHP-based applications. It uses a technique called "clusterbomb" to test multiple file extensions and filenames for potential backup files.

For example, it may send a GET request to the following path: /wp-config.php~

The module then analyzes the response from the server and applies matching conditions to determine if the file contains PHP source code. It checks for specific keywords, such as "

If any of these conditions are met, the module will report a vulnerability, indicating that backup files containing PHP source code are accessible and may pose a security risk.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET{%filepath%}{%bakext...
Payloads
2 payload lists
Matching conditions
status: 200and
word: <?php, <?=and
word: ?>, ($, $_GET[, $_POST[, $_REQUEST[, $_S...and
word: text/plain, bytes
Passive global matcher
No matching conditions.
On match action
Report vulnerability