Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "phpunit.xml File Disclosure" module is designed to detect a misconfiguration vulnerability in the phpunit.xml file. This module targets the phpunit.xml file, which is commonly used in the development of WampServer 3.1 and is packaged with WampServer 3.1.9 and XAMPP 5.6.40. The severity of this vulnerability is classified as informative.
Author: pikpikcu
If the phpunit.xml file is exposed, it may disclose sensitive information about the application's configuration. This can potentially lead to further exploitation of the system.
The module sends an HTTP GET request to the "/phpunit.xml" path. It then applies two matching conditions:
If both conditions are met, the module will report a vulnerability.
Example HTTP request:
GET /phpunit.xml
Matching conditions:
- Response body must contain the words "<phpunit" and "</phpunit>" - Response status code must be 200