Sensitive Configuration Files Listing
Directory listing of sensitive files.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the APIs to be tested. In this case, the filters include the response code filter, which selects APIs with a response code greater than or equal to 200 and less than 300, and the URL filter, which extracts the URL from the response and assigns it to the variable "urlVar".
The execute section of the template defines the type of request to be executed. In this case, it is a single request. The request is modified using the "modify_url" action, where the URL variable "urlVar" is appended with "/config/". This modified URL is used to send the request.
The validation section specifies the conditions that the response should meet to be considered valid. In this template, the response code is validated to be equal to 200, indicating a successful request. Additionally, the response payload is checked to ensure it contains both "Index of /configs" and "Parent Directory" strings. If these conditions are met, the validation is successful.
Frequently asked questions
What is the purpose of the "CONFIGURATION_LISTING" array in this test
How does the vulnerability described in the "CONFIGURATION_LISTING" array pose a risk to the application's security
What is the severity level assigned to the vulnerability described in the "CONFIGURATION_LISTING" array
What is the category and subcategory of the vulnerability described in the "CONFIGURATION_LISTING" array
What are the API selection filters defined in this test
How is the vulnerability validated in this test