Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Publicly accessible access-log file" module is designed to detect the presence of publicly accessible access log files on a target website. Access log files contain records of all requests made to a web server, including sensitive information such as user IP addresses, requested URLs, and user agents. This module focuses on identifying misconfigurations that may expose these log files to unauthorized access.
This module targets websites that have access log files stored in common locations, such as "/access.log", "/log/access.log", "/logs/access.log", or "/application/logs/access.log".
The severity of this module is classified as low, as it primarily detects misconfigurations rather than vulnerabilities or software fingerprints.
Author: sheikhrishad
If access log files are publicly accessible, they pose a security risk: the sensitive information they contain can be read by unauthorized individuals and potentially used for malicious purposes, such as identifying vulnerabilities or launching targeted attacks.
The "Publicly accessible access-log file" module works by sending HTTP requests to the target website and checking for specific conditions to identify the presence of publicly accessible access log files.
An example of an HTTP request sent by this module:
GET /access.log
The module uses the following matching conditions:
- The response body should contain the string "GET /"
- The response headers should include the string "text/plain"
- The response status code should be "200"
If all of these conditions are met, the module considers the access log file to be publicly accessible.
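As an added example that is not part of the original page or of Vidoc's own code, the following Python re-implements the module's three matching conditions so a site owner can self-check the listed paths against their own server. The `Response` class, `check_access_log`, the `fetch` callback and the sample responses are assumptions constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Paths named in the module description.
ACCESS_LOG_PATHS = ["/access.log", "/log/access.log", "/logs/access.log",
                    "/application/logs/access.log"]

@dataclass
class Response:
    """Minimal stand-in for an HTTP response (assumed shape)."""
    status: int
    headers: Dict[str, str]
    body: str

def matches(resp: Response) -> bool:
    """All three module conditions must hold: body contains 'GET /',
    a response header contains 'text/plain', and the status is 200."""
    body_ok = "GET /" in resp.body
    # Header names and media types are case-insensitive, so compare lower-cased.
    header_ok = any("text/plain" in v.lower() for v in resp.headers.values())
    return body_ok and header_ok and resp.status == 200

def check_access_log(fetch: Callable[[str], Response],
                     paths: List[str] = ACCESS_LOG_PATHS) -> List[str]:
    """Return the paths whose response satisfies every matching condition."""
    return [p for p in paths if matches(fetch(p))]

# Constructed sample responses standing in for a real HTTP client.
EXPOSED_BODY = ('203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] '
                '"GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"\n')
SAMPLE_SITE = {
    "/access.log": Response(200, {"Content-Type": "text/plain"}, EXPOSED_BODY),
    "/log/access.log": Response(404, {"Content-Type": "text/html"}, "Not Found"),
    # Soft-404: an HTML page that happens to mention "GET /" must not match.
    "/logs/access.log": Response(200, {"Content-Type": "text/html"},
                                 "<p>Try GET /docs</p>"),
    # Right body and type but status 403: the status condition fails.
    "/application/logs/access.log": Response(403, {"Content-Type": "text/plain"},
                                             "GET / forbidden"),
}

def fake_fetch(path: str) -> Response:
    """Constructed fetcher; replace with a real HTTP client for a live check."""
    return SAMPLE_SITE[path]

if __name__ == "__main__":
    print(check_access_log(fake_fetch))  # ['/access.log']
```

Only the first path satisfies all three conditions; the other entries show how each condition alone is insufficient to flag an exposure.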