phpunit.xml File Disclosure

By kannthu

Severity: Informative
Vidoc Module
Tags: #exposure #files
Description

What is "phpunit.xml File Disclosure"?

The "phpunit.xml File Disclosure" module detects a misconfiguration vulnerability: a phpunit.xml file that is exposed over HTTP. The phpunit.xml file is commonly used in the development of WampServer 3.1 and is packaged with WampServer 3.1.9 and XAMPP 5.6.40. The severity of this vulnerability is classified as informative.

Author: pikpikcu

Impact

If the phpunit.xml file is exposed, it may disclose sensitive information about the application's configuration. This can potentially lead to further exploitation of the system.

How does the module work?

The module sends an HTTP GET request to the "/phpunit.xml" path. It then applies two matching conditions:

- The response body must contain the words "<phpunit" and "</phpunit>"
- The response status code must be 200

If both conditions are met, the module will report a vulnerability.

Example HTTP request:

GET /phpunit.xml

Matching conditions:

- Response body must contain the words "<phpunit" and "</phpunit>"
- Response status code must be 200
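
As an added example (not Vidoc's or the module author's code), the Python below applies the same two matching conditions to a response already fetched from a host you administer, then lists which configuration details the exposed file would reveal. The function names and the sample body are constructed for illustration; `bootstrap`, `<directory>`, `<env>`, `<server>`, `<const>` and `<ini>` are standard PHPUnit configuration items.

```python
import xml.etree.ElementTree as ET

# Constructed sample body; not taken from any real host.
SAMPLE_BODY = """<phpunit bootstrap="tests/bootstrap.php" colors="true">
  <testsuites>
    <testsuite name="unit">
      <directory>tests/Unit</directory>
    </testsuite>
  </testsuites>
  <php>
    <env name="DB_HOST" value="db.internal.example"/>
    <ini name="memory_limit" value="512M"/>
  </php>
</phpunit>
"""

REQUIRED_WORDS = ("<phpunit", "</phpunit>")

def is_match(status, body):
    """The module's matcher: status 200 AND both words present in the body."""
    return status == 200 and all(w in body for w in REQUIRED_WORDS)

def disclosed_items(body):
    """List the configuration details a matched phpunit.xml would reveal."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return []  # refuse entity-bearing input rather than expand it
    start = body.find("<phpunit")
    end = body.find("</phpunit>") + len("</phpunit>")
    try:
        root = ET.fromstring(body[start:end])
    except ET.ParseError:
        return []  # words matched, but the document is not well-formed XML
    items = []
    if root.get("bootstrap"):
        items.append(("bootstrap", root.get("bootstrap")))
    for d in root.iter("directory"):
        items.append(("test directory", (d.text or "").strip()))
    for tag in ("env", "server", "const", "ini"):
        for el in root.iter(tag):
            items.append((tag, el.get("name", "")))  # names only, never values
    return items

if __name__ == "__main__":
    if is_match(200, SAMPLE_BODY):
        for kind, value in disclosed_items(SAMPLE_BODY):
            print(f"{kind}: {value}")
```
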

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /phpunit.xml
Matching conditions
word: <phpunit, </phpunit> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability