Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Symfony Debug Mode" module is designed to detect misconfigurations in Symfony installations. It specifically targets the "debug" interface, which, when enabled, can disclose sensitive information and potentially allow arbitrary code execution. This module has a high severity level and was authored by organiccrap and pdteam.
Enabling the "Symfony Debug Mode" can lead to the exposure of sensitive information and the execution of unauthorized code. This can pose a significant security risk to the Symfony application and its underlying infrastructure.
The "Symfony Debug Mode" module works by analyzing the HTTP responses of the target application. It uses specific matching conditions to identify if the "debug" interface is enabled. The module checks for the presence of the following patterns:
Header: x-debug-token-link: /_profiler/
Body: debug mode</a> is enabled.
If any of these patterns are found in the HTTP response, the module flags the Symfony installation as having the "debug" interface enabled.
Here is an example of an HTTP request that the module may send:
GET / HTTP/1.1
Host: example.com
The module then evaluates the response headers and body to determine if the "debug" interface is enabled.
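As an added example (not Vidoc's own code), the following Python reproduces the module's header/body matching over constructed sample responses; the hostname, token values and page markup are made up for the demonstration.

```python
"""Check a raw HTTP response for the two Symfony debug-mode indicators."""
from __future__ import annotations

# Indicators listed for this module: a profiler link header and a body fragment.
HEADER_NAME = "x-debug-token-link"      # header names are case-insensitive
HEADER_VALUE_FRAGMENT = "/_profiler/"   # link into the Symfony web profiler
BODY_FRAGMENT = "debug mode</a> is enabled."  # the </a> is part of the literal match


def parse_raw_response(raw: str) -> tuple[dict[str, str], str]:
    """Split a raw HTTP/1.1 response into a lower-cased header map and the body."""
    head, _sep, body = raw.partition("\r\n\r\n")
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers, body


def symfony_debug_indicators(raw: str) -> list[str]:
    """Return the indicators that matched: 'header', 'body', both, or an empty list."""
    headers, body = parse_raw_response(raw)
    matched = []
    if HEADER_VALUE_FRAGMENT in headers.get(HEADER_NAME, ""):
        matched.append("header")
    if BODY_FRAGMENT in body:
        matched.append("body")
    return matched


# Constructed sample responses (hostname and token are invented).
DEBUG_HEADER_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
    "X-Debug-Token: a1b2c3\r\n"
    "X-Debug-Token-Link: http://example.com/_profiler/a1b2c3\r\n\r\n"
    "<html><body>Welcome</body></html>"
)
DEBUG_BODY_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html\r\n\r\n"
    '<p>This page is shown because <a href="#">debug mode</a> is enabled.</p>'
)
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>Welcome</body></html>"
)

if __name__ == "__main__":
    for label, resp in [("header", DEBUG_HEADER_RESPONSE),
                        ("body", DEBUG_BODY_RESPONSE), ("clean", CLEAN_RESPONSE)]:
        print(label, "->", symfony_debug_indicators(resp))
```

Either indicator alone is enough to flag the host, mirroring the module's "any pattern" condition; in Symfony the debug flag is controlled by the APP_DEBUG environment setting, which should be off in production.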
Note that the "Symfony Debug Mode" module is just one test case within the Vidoc platform, which uses many modules to perform comprehensive scanning and detection of vulnerabilities, misconfigurations, and software fingerprints.
For more information and references, you can visit the following link: https://github.com/synacktiv/eos