Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Redmine settings.yml File Disclosure

By kannthu

Informative
Vidoc logoVidoc Module
#misconfig#redmine#devops#files
Description

Redmine settings.yml File Disclosure Module

What is the Redmine settings.yml File Disclosure Module?

The Redmine settings.yml File Disclosure module is designed to detect a misconfiguration vulnerability in the Redmine software. Redmine is a popular project management and issue tracking tool used by many organizations. This module focuses on identifying the exposure of the settings.yml file, which contains sensitive configuration information.

The severity of this module is classified as informative, indicating that it provides valuable information about potential security risks but does not directly exploit or compromise the system.

Impact

If the Redmine settings.yml file is exposed, it can lead to the disclosure of sensitive information such as database credentials, secret keys, and other configuration details. This information can be leveraged by attackers to gain unauthorized access to the system or perform other malicious activities.

How the module works?

The Redmine settings.yml File Disclosure module works by sending HTTP requests to specific paths commonly associated with the settings.yml file. These paths include "/settings.yml", "/config/settings.yml", and "/redmine/config/settings.yml". The module expects a successful response with a status code of 200 and specific words like "format:", "default:", and "Redmine" in the response body.

By analyzing the response, the module determines if the settings.yml file is accessible and if it contains the expected configuration structure. If the conditions are met, the module reports a potential misconfiguration vulnerability.

Here is an example of an HTTP request sent by the module:

GET /settings.yml
Host: example.com

The matching conditions for this module are:

- The response body must contain the words "format:", "default:", and "Redmine". - The response status code must be 200.

If both conditions are satisfied, the module identifies the presence of the Redmine settings.yml file and reports it as a potential vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/settings.yml/config/settings.yml/redmine/config/sett...
Matching conditions
word: format:, default:, Redmineand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability