By kannthu
This module, named StyleCi Yaml File Disclosure, is designed to detect a misconfiguration vulnerability related to the StyleCi software. StyleCi is a software tool used for automatically fixing code style issues in PHP projects. This module specifically focuses on the disclosure of the .styleci.yml file, which contains the configuration settings for StyleCi.
The severity of this vulnerability is classified as informative, indicating that it provides valuable information but does not pose an immediate threat to the system.
If the .styleci.yml file is exposed, it may reveal sensitive information about the project's code style configuration. This could potentially expose details such as preset configurations, disabled rules, or other settings that could be leveraged by an attacker to gain insights into the project's codebase.
The module works by sending an HTTP GET request to the .styleci.yml file path (/.styleci.yml) and then applying matching conditions to determine if the misconfiguration vulnerability exists.
The matching conditions for this module are as follows:
- The response body must contain the words php, preset, and disabled.
- The response status code must be 200.

If both conditions are met, the module will report a vulnerability related to the StyleCi Yaml File Disclosure.
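The two matching conditions above can be reproduced for a site you operate with the following added example, which is not the module's own code. It assumes the word match is a case-sensitive substring test; `looks_like_yaml_config` is a hypothetical extra check, not part of the module, showing how a 200 error page that merely mentions the three words would pass the word matcher.

```python
import urllib.error
import urllib.request

REQUIRED_WORDS = ("php", "preset", "disabled")  # words listed on the page
PROBE_PATH = "/.styleci.yml"                     # path listed on the page


def matches_styleci(status: int, body: str) -> bool:
    """Both page conditions: status 200 AND every required word in the body.
    Substring matching is an assumption about how the module compares words."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def looks_like_yaml_config(body: str) -> bool:
    """Hypothetical extra check (not in the module): reject HTML pages and
    require an actual 'preset:' key line before trusting a word match."""
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        return False
    return any(line.strip().startswith("preset:") for line in body.splitlines())


def check_host(base_url: str, timeout: float = 5.0) -> bool:
    """Request /.styleci.yml from your own deployment and apply both checks."""
    url = base_url.rstrip("/") + PROBE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return matches_styleci(resp.status, body) and looks_like_yaml_config(body)
    except (urllib.error.URLError, OSError):
        # 404/403 responses, refused connections and timeouts all mean "not exposed".
        return False


# Constructed sample responses (not captured from any real site).
EXPOSED = "php:\n  preset: laravel\n  disabled:\n    - no_unused_imports\n"
SOFT_404 = "<html><body>php preset disabled: page not found</body></html>"
```

If `check_host` returns True for a deployment, the file is being served from the web root and should be excluded from the published directory or blocked by the web server.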