Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Production Log File Disclosure

By kannthu

Low
Vidoc logoVidoc Module
#exposure#files#logs
Description

Production Log File Disclosure

What is the "Production Log File Disclosure?"

The "Production Log File Disclosure" module is designed to detect the exposure of production log files on a website. It targets the software that generates these log files and checks for potential misconfigurations or vulnerabilities. The severity of this module is classified as low, indicating a relatively lower risk level. The original author of this module is geeknik.

Impact

If the production log files are exposed, it can potentially lead to the disclosure of sensitive information. These log files often contain details about the website's operations, including database connection information, error messages, and other system-related data. Unauthorized access to these log files can provide valuable insights to attackers and potentially aid in further exploitation.

How the module works?

The "Production Log File Disclosure" module works by sending HTTP requests to specific paths commonly associated with production log files. It checks for certain matching conditions to determine if the log files are exposed. The module verifies that the response status is 200, indicating a successful request, and that the response does not contain the header "text/html" to ensure it is not a web page. Additionally, it searches for the presence of the phrase "Connecting to database specified by database.yml" within the response content.

Here is an example of an HTTP request sent by the module:

GET /log/production.log

The module matches the conditions mentioned above to identify potential instances of production log file exposure. If a match is found, it reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/log/production.log/logs/production.log/production.log
Matching conditions
word: Connecting to database specified by data...and
NOT word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability