detect-config.ini
Detects the exposure of 'config.ini' files
id: exposed-config-ini

info:
  name: Exposed config.ini File
  author: Redflare-Cyber
  severity: high
  description: Detects the exposure of 'config.ini' files containing specific sensitive information at '/src/api/config.ini'.

requests:
  - method: GET
    path:
      - "{{BaseURL}}/src/api/config.ini"

    # All four matchers below must pass for the template to report a finding.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Every section header and key must be present in the body.
      - type: regex
        part: body
        regex:
          - '(?m)^\[encrypt\]'
          - 'db_key\s*=\s*".*?"'
          - 'sudo_key\s*=\s*".*?"'
          - '(?m)^\[main\]'
          - 'host\s*=\s*".*?"'
          - '(?m)^\[upload\]'
          - 'path\s*=\s*"\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/files\/"'
          - '(?m)^\[download\]'
          - 'path\s*=\s*"\.\.\/\.\.\/\.\.\/files\/"'
        condition: and

      # Reject HTML responses, such as error pages served with status 200.
      - type: word
        words:
          - '<html'
          - '<body'
          - '<title'
        negative: true
        part: body

      # Only accept bodies of a plausible size for this file.
      - type: dsl
        dsl:
          - 'len(body) >= 200 && len(body) <= 5000'
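
To check the matcher logic offline, the sketch below re-implements the template's four matchers in Python and evaluates them on constructed responses. It is an added example, not part of the template or of Nuclei: `evaluate`, the sample bodies and every placeholder value are assumptions, and Python's `re` stands in for Nuclei's Go regexp engine.

```python
import re

# Patterns copied from the template's regex matcher (condition: and).
REGEXES = [
    r'(?m)^\[encrypt\]',
    r'db_key\s*=\s*".*?"',
    r'sudo_key\s*=\s*".*?"',
    r'(?m)^\[main\]',
    r'host\s*=\s*".*?"',
    r'(?m)^\[upload\]',
    r'path\s*=\s*"\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/files\/"',
    r'(?m)^\[download\]',
    r'path\s*=\s*"\.\.\/\.\.\/\.\.\/files\/"',
]
HTML_WORDS = ['<html', '<body', '<title']  # negative word matcher


def evaluate(status, body):
    """Apply the template's four matchers; 'match' is their AND."""
    results = {
        'status': status == 200,
        'regex': all(re.search(p, body) for p in REGEXES),
        'no_html': not any(w in body for w in HTML_WORDS),
        'size': 200 <= len(body.encode()) <= 5000,  # byte length, as in the dsl
    }
    results['match'] = all(results.values())
    return results


# Constructed sample responses; every key and value is a placeholder.
EXPOSED = "\n".join([
    '; constructed sample for testing the matchers',
    '; every key and value below is a placeholder',
    '[encrypt]',
    'db_key = "PLACEHOLDER_DB_KEY"',
    'sudo_key = "PLACEHOLDER_SUDO_KEY"',
    '[main]',
    'host = "db.example.internal"',
    '[upload]',
    'path = "/../../../../../files/"',
    '[download]',
    'path = "../../../files/"',
]) + "\n"
# Soft 404: an HTML error page served with status 200.
SOFT_404 = '<html><title>Not found</title><body>' + 'x' * 200 + '</body></html>'

if __name__ == '__main__':
    for name, body in (('exposed', EXPOSED), ('soft_404', SOFT_404)):
        print(name, evaluate(200, body))
```

The per-matcher results show which condition rejected a response, which helps when tuning the template against false positives or false negatives.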