routes.ini File Exposure

By kannthu

Informative
#routes #config #exposure #files
Description

Module: routes.ini File Exposure

What is "routes.ini File Exposure"?

The "routes.ini File Exposure" module is designed to detect the exposure of the routes.ini file in various configurations. It targets software that utilizes the routes.ini file for routing configuration. This module has an informative severity level and was authored by geeknik.

Impact

If the routes.ini file is exposed, it can reveal sensitive information about the application's routing configuration. This could lead to unauthorized access to or manipulation of the application's routes, potentially compromising its functionality and security.

How does the module work?

The module works by sending HTTP requests to specific paths where the routes.ini file may be exposed. It then applies matching conditions to determine if the file is present and if certain keywords or patterns are found within its contents.

For example, one of the HTTP requests sent by the module could be:

GET /routes.ini

The module applies two matching conditions:

- The presence of specific words in the body of the response, such as "defaults.action" and "routes.admin".
- The presence of specific words in the body of the response, such as "[routes]" and "GET /".

If any of these conditions are met, the module considers the routes.ini file to be exposed.
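The matching logic described above, as an added example (not the module's own code): it applies the two word matchers to response bodies and returns the lines that triggered each match, which is the evidence a reviewer needs when triaging a finding. It assumes every word in a matcher must be present; the matcher names and sample bodies are constructed for illustration.

```python
# Added example: the page's two word matchers applied to a response body.
# Assumption: all words of one matcher must occur (AND); the page states
# that the matchers themselves are alternatives (OR).
MATCHERS = {  # names are illustrative labels, the words come from the page
    "matcher_1": ("defaults.action", "routes.admin"),
    "matcher_2": ("[routes]", "GET /"),
}


def evaluate(body: str) -> dict:
    """Return {matcher: [evidence lines]} for every matcher that fires."""
    hits = {}
    for name, words in MATCHERS.items():
        if all(w in body for w in words):
            # Keep the lines containing any matched word as triage evidence.
            hits[name] = [ln.strip() for ln in body.splitlines()
                          if any(w in ln for w in words)]
    return hits


# Constructed sample bodies (not captured from any real host).
SAMPLE_SECTION = "[routes]\nGET /=Home->index\nGET /admin=Admin->panel\n"
SAMPLE_DOTTED = (
    'routes.admin.route = "admin/:action"\n'
    "routes.admin.defaults.controller = admin\n"
    "routes.admin.defaults.action = index\n"
)
SAMPLE_404 = "<html><body><h1>404 Not Found</h1></body></html>"
SAMPLE_PARTIAL = "See the [routes] section of the manual."  # one word only

if __name__ == "__main__":
    samples = {
        "section": SAMPLE_SECTION,
        "dotted": SAMPLE_DOTTED,
        "404": SAMPLE_404,
        "partial": SAMPLE_PARTIAL,
    }
    for label, body in samples.items():
        print(label, evaluate(body) or "no match")
```

A body that contains only one word of a matcher, such as a documentation page mentioning `[routes]`, does not count as an exposure under this assumption.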

Metadata:

Verified: true

Github query: filename:routes.ini

Google query: intitle:"index of" "routes.ini"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /routes.ini, /config/routes.ini, /admin/configs/route... (+12 paths)
Matching conditions
word: defaults.action, routes.admin
or
word: [routes], GET /
Passive global matcher
No matching conditions.
On match action
Report vulnerability