Symfony Database Configuration File - Detect

ID: symfony-database-config

Severity: high

Author: pdteam,geeknik

Tags: config,exposure,symfony

Description

Symfony database configuration file was detected and may contain database credentials.

YAML Source

id: symfony-database-config

info:
  name: Symfony Database Configuration File - Detect
  author: pdteam,geeknik
  severity: high
  description: Symfony database configuration file was detected and may contain database credentials.
  reference: https://symfony.com/legacy/doc/reference/1_3/en/07-Databases
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: config,exposure,symfony

http:
  - method: GET
    path:
      - "{{BaseURL}}/config/databases.yml"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"
        negative: true

      - type: status
        status:
          - 200

      - type: word
        words:
          - "class:"
          - "param:"
        condition: and
        part: body
# digest: 4a0a004730450221009adeafdab9382017bb7460652f8fb826bfe8b4ef59def92d8e103daa2a873ebb02205f502fd9b930e73f8721f9ce17c237e3604f37e2835b77db632e3ed638ccecdd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/configs/symfony-database-config.yaml"

View on Github