StyleCi Yaml File Disclosure

By kannthu

Informative
Vidoc Module
#config #exposure #devops #files
Description

What is the StyleCi Yaml File Disclosure module?

The StyleCi Yaml File Disclosure module detects a misconfiguration related to StyleCi, a tool that automatically fixes code style issues in PHP projects. The module focuses specifically on disclosure of the .styleci.yml file, which contains the configuration settings for StyleCi.

The severity of this vulnerability is classified as informative, indicating that it provides valuable information but does not pose an immediate threat to the system.

Impact

If the .styleci.yml file is exposed, it may reveal sensitive information about the project's code style configuration. This could potentially expose details such as preset configurations, disabled rules, or other settings that could be leveraged by an attacker to gain insights into the project's codebase.

How does the module work?

The module works by sending an HTTP GET request to the .styleci.yml file path (/.styleci.yml) and then applying matching conditions to determine if the misconfiguration vulnerability exists.

The matching conditions for this module are as follows:

- The response body must contain the words php, preset, and disabled.
- The response status code must be 200.

If both conditions are met, the module will report a vulnerability related to the StyleCi Yaml File Disclosure.
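The two matching conditions above, written out as an added example (this is not Vidoc's own code) and run over constructed responses to show where the check reports and where it does not. The names `matches`, `check` and `evaluate`, the sample bodies, and the case-sensitive substring matching are assumptions made for illustration.

```python
"""Added example: the module's two matching conditions applied to responses."""
from urllib.error import HTTPError
from urllib.parse import urljoin
from urllib.request import Request, urlopen

PATH = "/.styleci.yml"                 # request path used by the module
WORDS = ("php", "preset", "disabled")  # word matcher: all must be present
STATUS = 200                           # status matcher


def matches(status: int, body: str) -> bool:
    """Both conditions joined with AND.
    Assumption: words are matched as case-sensitive substrings."""
    return status == STATUS and all(word in body for word in WORDS)


def check(base_url: str, timeout: float = 10.0) -> bool:
    """Request /.styleci.yml from a site you operate and apply the matcher."""
    req = Request(urljoin(base_url, PATH), method="GET")
    try:
        with urlopen(req, timeout=timeout) as resp:
            return matches(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except HTTPError as err:           # 4xx/5xx: status condition fails
        return matches(err.code, "")


# Constructed responses (status, body); none were captured from a real host.
SAMPLES = {
    "exposed": (200, "php:\n  preset: laravel\n  disabled:\n    - no_unused_imports\n"),
    "blocked": (404, "php preset disabled"),
    "soft_404": (200, "<html><body>Page not found</body></html>"),
    # Valid-looking config without the word "php": the matcher misses it.
    "no_php_key": (200, "preset: psr12\ndisabled:\n  - concat_without_spaces\n"),
    # Unrelated page containing all three words: the matcher fires anyway.
    "unrelated": (200, "<p>The php preset is disabled on this server.</p>"),
}


def evaluate(samples=SAMPLES) -> dict:
    """Return {name: matched?} for each sample response."""
    return {name: matches(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:12} {'REPORT' if hit else 'no match'}")
```

The last two samples show the limits of a word-plus-status matcher: a finding should be confirmed by reading the returned file, and a clean result does not prove the file is unreachable.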

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /.styleci.yml

Matching conditions

word: php, preset, disabled
and
status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability