PHPStan Configuration Exposure

By kannthu

Low
Vidoc Module
#devops #exposure
Description

PHPStan Configuration Exposure

What is the "PHPStan Configuration Exposure"?

The "PHPStan Configuration Exposure" module detects whether a PHPStan configuration file is publicly reachable through the web server. PHPStan is a static analysis tool for PHP that helps identify errors and potential issues in PHP code; its configuration file (phpstan.neon) is meant to stay inside the project, not to be served to clients. This module focuses on identifying such exposed or misconfigured PHPStan configuration files, which can lead to security vulnerabilities or incorrect analysis results.

This module has a severity level of low, indicating that the impact of the detected misconfigurations may be limited.

Impact

If the PHPStan configuration file is found to be exposed or misconfigured, it can lead to inaccurate analysis results or disclose sensitive information about the project. This can potentially impact the overall security and reliability of the PHP codebase.

How does the module work?

The "PHPStan Configuration Exposure" module works by sending an HTTP GET request to the /phpstan.neon path. It then applies a series of matching conditions to the response to determine whether the configuration file is exposed.

The matching conditions for this module are as follows:

- The response body must contain the word "parameters:".
- The response headers must not contain the words "text/html" or "application/javascript".
- The response status code must be 200.

If all of these conditions are met, the module will report a vulnerability related to the exposure of the PHPStan configuration file.

For example, if the PHPStan configuration file is accessible at https://example.com/phpstan.neon and the response body contains the word "parameters:", the module will flag it as a misconfiguration.
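The three matching conditions above, re-implemented as an added example in Python so an administrator can run the same check against a host they own (this is not Vidoc's own code; the `check_own_host` helper and the sample responses are constructed for illustration):

```python
"""Added example, not part of the Vidoc module: apply the module's three
matching conditions to an HTTP response for /phpstan.neon."""
import urllib.error
import urllib.request

PHPSTAN_PATH = "/phpstan.neon"


def is_phpstan_config_exposed(status: int, headers: dict, body: str) -> bool:
    """Return True only when all three module conditions hold."""
    # Condition 1: the body must contain the word "parameters:" (top-level NEON key).
    if "parameters:" not in body:
        return False
    # Condition 2: no response header may contain "text/html" or
    # "application/javascript" (rules out HTML catch-all pages and JS bundles).
    header_blob = " ".join(f"{k}: {v}" for k, v in headers.items()).lower()
    if "text/html" in header_blob or "application/javascript" in header_blob:
        return False
    # Condition 3: the status code must be exactly 200.
    return status == 200


def check_own_host(base_url: str, timeout: float = 5.0) -> bool:
    """Hypothetical helper: fetch base_url + /phpstan.neon from a host you
    administer and evaluate it with the matcher above."""
    url = base_url.rstrip("/") + PHPSTAN_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "phpstan-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, headers = resp.status, dict(resp.headers.items())
            body = resp.read(65536).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        status, headers, body = err.code, dict(err.headers.items()), ""
    return is_phpstan_config_exposed(status, headers, body)


# Constructed sample responses (status, headers, body), not captured from a real host.
EXPOSED = (200, {"Content-Type": "application/octet-stream"},
           "parameters:\n    level: 8\n    paths:\n        - src\n")
# A catch-all route that serves the site's HTML, which happens to contain the word.
HTML_FALLBACK = (200, {"Content-Type": "text/html; charset=utf-8"},
                 "<html><body>parameters: none</body></html>")
NOT_FOUND = (404, {"Content-Type": "text/plain"}, "Not Found")

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("html", HTML_FALLBACK), ("404", NOT_FOUND)):
        print(name, is_phpstan_config_exposed(*sample))
```

Only the first constructed sample matches; the HTML fallback fails the header condition and the 404 fails the status condition.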

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /phpstan.neon
Matching conditions
word: parameters: and
NOT word: text/html, application/javascript and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability