Attacker can get unauthorized access of Docker Compose configuration files.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the APIs to be tested. In this case, the filters include the response code range (between 200 and 299) and the extraction of the "urlVar" variable from the URL.
The execute section of the template defines the type of request to be executed, which is a single request in this case. It also specifies the modifications to be made to the URL using the "urlPaths" word list, and enables following redirects.
The validation section sets the criteria for validating the response of the executed request. It checks that the response code is equal to 200 and that the response payload contains both the "version" and "services" keywords.
Frequently asked questions
What is the purpose of the "urlPaths" word list in the array
How does the "execute" section of the array modify the URL
What is the purpose of the "validate" section in the array
How does the "response_payload" validation work
What is the significance of the "severity" field in the array
How can an attacker exploit the vulnerability described in the "info" field