Config Ruby File Disclosure
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API requests to be executed. In this case, the filters include the response code range (between 200 and 299) and the extraction of the "urlVar" from the response.
The execute section defines the type of request to be executed. In this template, it is a single request. The request is modified using the "modify_url" action, which appends the URL paths from the "urlPaths" word list to the original URL.
The validation section specifies the conditions that the response should meet to be considered valid. In this template, the response code should be equal to 200, and the response payload should contain both "images_dir" and "css_dir" strings. If the response meets these conditions, it is considered valid.
Frequently asked questions
What is the purpose of the "CONFIG_RUBY" array in this test
How does the vulnerability of "Config Ruby File Disclosure" occur
What are the potential consequences of the "Config Ruby File Disclosure" vulnerability
What category and subcategory does the "Config Ruby File Disclosure" vulnerability fall under
How does the test identify potential vulnerable URLs
How does the test validate if a URL is vulnerable to the "Config Ruby File Disclosure" vulnerability