
Ruby on Rails secrets.yml File Exposure

By kannthu

High
Vidoc Module
#misconfig #cloud #devops #files
Description

What is the "Ruby on Rails secrets.yml File Exposure" module?

The "Ruby on Rails secrets.yml File Exposure" module detects misconfigured Ruby on Rails deployments that serve the secrets.yml file over HTTP. This file contains sensitive values such as the secret_key_base and database credentials, and its exposure can lead to compromise of the application.

This module has a severity level of high, indicating the potential impact of the vulnerability if left unaddressed.

This module was authored by DhiyaneshDK.

Impact

If the secrets.yml file is exposed, it can be read by unauthorized individuals or malicious actors. This can compromise sensitive information such as secret keys and database credentials, which can then be used to gain unauthorized access to the application or its underlying infrastructure.

How does the module work?

The "Ruby on Rails secrets.yml File Exposure" module works by sending HTTP requests to specific paths where the secrets.yml file may be located, such as "/secrets.yml" or "/config/secrets.yml". It then applies matching conditions to determine if the file is exposed.

Matching conditions include:

- Regex Matcher: The module searches the response body for a specific pattern, namely the "secret_key_base" value. If a match is found, it indicates that the file is exposed.
- Header Matcher: The module checks the response headers to ensure that the content type is not "application/json" or "text/html". If the response carries either of these content types, the file is not considered exposed.
- Status Matcher: The module verifies that the HTTP response status is 200, indicating a successful request. If the status is different, the file is not considered exposed.

All three matching conditions must hold at once for the module to report the secrets.yml file as exposed.
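The following Python snippet is an added illustration, not part of the Vidoc module itself, of how the three matchers combine into a single verdict. It runs offline against constructed responses: the regex, excluded content types and status code are taken from the module description, while the sample bodies, headers and the secret value are made up for the example.

```python
import re
from dataclasses import dataclass

# Matching conditions as described by the module.
SECRET_RE = re.compile(r"secret_key_base: ([a-z0-9]+)")
EXCLUDED_CONTENT_TYPES = ("application/json", "text/html")
EXPECTED_STATUS = 200


@dataclass
class HttpResponse:
    status: int
    headers: dict
    body: str


def matches_exposure(resp: HttpResponse):
    """Return the captured secret_key_base if all three matchers agree, else None."""
    # Status matcher: anything other than 200 is a miss.
    if resp.status != EXPECTED_STATUS:
        return None
    # Header matcher (NOT word): reject JSON APIs and HTML pages, which commonly
    # contain the string "secret_key_base" without serving the real file.
    header_blob = " ".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    if any(word in header_blob for word in EXCLUDED_CONTENT_TYPES):
        return None
    # Regex matcher: the YAML key with a lowercase hex/alnum value.
    match = SECRET_RE.search(resp.body)
    return match.group(1) if match else None


# Constructed sample responses (values are invented for the example).
SAMPLES = {
    "exposed_yaml": HttpResponse(
        200, {"Content-Type": "text/yaml"},
        "development:\n  secret_key_base: 0f1e2d3c4b5a\n"),
    "html_docs_page": HttpResponse(
        200, {"Content-Type": "text/html; charset=utf-8"},
        "<pre>secret_key_base: deadbeef</pre>"),
    "json_error": HttpResponse(
        200, {"Content-Type": "application/json"}, '{"secret_key_base": "x"}'),
    "not_found": HttpResponse(
        404, {"Content-Type": "text/plain"}, "secret_key_base: 0f1e2d3c4b5a"),
}


def scan_samples():
    """Apply the combined matchers to every sample; only the real YAML should hit."""
    return {name: matches_exposure(resp) for name, resp in SAMPLES.items()}
```

The HTML and JSON samples show why the header matcher is there: both bodies contain the key name, yet neither is an exposed secrets.yml.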

Example HTTP request:

GET /secrets.yml

Note: The above example is a simplified representation of the HTTP request sent by the module.

For more information, refer to the reference linked from this module.

Metadata:

- Verified: true
- Google Query: intitle:"index of" "secrets.yml"

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /secrets.yml
   GET /config/secrets.yml
   GET /test/config/secrets... (+1 paths)

Matching conditions (all must hold):
- regex: secret_key_base: ([a-z0-9]+)
- NOT word: application/json, text/html
- status: 200

Passive global matcher
No matching conditions.
On match action
Report vulnerability