Wgetrc Configuration File Exposure
Exposes the Wgetrc configuration file used by Wget utility, containing potentially sensitive information.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API requests to be executed. In this case, the filters include the response code range (between 200 and 299) and the extraction of the "urlVar" from the response URL.
The execute section defines the type of request to be executed. In this template, a single request is executed, and the URL is modified using the "urlPaths" word list, which contains two possible paths: "/wgetrc" and "/.wgetrc".
The validation section specifies the conditions that the response should meet to be considered valid. It checks that the response code is equal to 200, the response payload contains both "/etc/wgetrc" and "wget.info", and the response headers contain the value "application/octet-stream".
Frequently asked questions
What is the purpose of the Wgetrc configuration file
How can unauthorized access to the Wgetrc configuration file pose a security risk
What are the potential impacts of exposing the Wgetrc configuration file
What category does the Wgetrc Configuration File Exposure fall under
What severity level is assigned to the Wgetrc Configuration File Exposure
Are there any references or additional resources available for further information