nuclei-templates/http/exposures/files/generic-db.yaml

155 lines
6.8 KiB
YAML
Raw Normal View History

id: generic-db
info:
2024-03-20 04:03:12 +00:00
name: Generic Database File - Exposure
author: Michal Mikolas (nanuqcz)
severity: high
2024-03-20 08:08:58 +00:00
description: |
This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
reference:
- https://laravel.com/docs/11.x/database#sqlite-configuration # database/database.sqlite
- https://laravel.com/docs/5.2/database # database/database.sqlite
- https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51 # app/database/production.sqlite
- https://forum.codeigniter.com/post-389846.html # writable/db.sqlite3
- https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33 # writable/database.db
- https://symfony.com/doc/current/doctrine.html#configuring-the-database # var/app.db
- https://symfony.com/doc/4.x/doctrine.html#configuring-the-database # var/app.db
- https://symfony.com/doc/3.x/doctrine.html # app/sqlite.db
- https://symfony.com/doc/2.x/doctrine.html # sqlite.db
- https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database # var/data/db.sqlite
- https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration # var/data/data.sqlite
- https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django # db.sqlite3
- https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e # db.sqlite3
- https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763 # db/production.sqlite3
- https://stackoverflow.com/a/30345819/1632572 # db/production.sqlite3
- https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/ # db.sqlite
- https://sqldocs.org/sqlite/sqlite-nodejs/ # mydb.sqlite
- https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp # app/data/app_db.sqlite
- https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp # app/webroot/database.sqlite, app/database.sqlite
- https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d # application/databases/db.sqlite
- https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30 # application/db/database.sqlite
- https://forum.codeigniter.com/thread-74522.html # application/Database/db1.db
- https://stackoverflow.com/a/37088960/1632572 # application/database/data.db
- https://docs.laminas.dev/tutorials/getting-started/database-and-models/ # data/*.db
- https://phalcon-nucleon.github.io/#!database/getting-started.html # storage/database/database.sqlite
- https://www.yiiframework.com/doc/blog/1.1/en/prototype.database # protected/data/*.db
- https://pusher.com/tutorials/rest-api-slim-part-1/ # db/database.db
- https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework # db/database.sqlite
- https://doc.nette.org/en/database/configuration#toc-single-connection # app/Model/*.db
- https://www.sqlite.org/fileformat.html # SQLite file always starts with "SQLite format {sqlite_version}"
- https://en.wikipedia.org/wiki/List_of_file_signatures # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
metadata:
2024-03-20 04:03:12 +00:00
max-request: 89
tags: files,database,exposure,sqlite,sqlite3,fuzz
http:
- method: GET
path:
2024-03-20 07:21:44 +00:00
- "{{BaseURL}}/{{path}}"
2024-03-20 07:21:44 +00:00
payloads:
path:
- database/database.sqlite
- database/production.db
- database/production.sqlite
- database/production.sqlite3
- app/database/production.sqlite
- writable/db.sqlite3
- writable/database.db
- var/app.db
- var/data/db.sqlite
- var/data/data.sqlite
- app/sqlite.db
- sqlite.db
- db.sqlite3
- db/production.sqlite3
- db.sqlite
- mydb.sqlite
- app/data/app_db.sqlite
- app/webroot/database.sqlite
- app/database.sqlite
- application/databases/db.sqlite
- application/db/database.sqlite
- application/Database/db1.db
- application/database/data.db
- data/app.db
- data/sqlite.db
- data/sqlite3.db
- data/database.db
- data/production.db
- storage/database/database.sqlite
- protected/data/app.db
- protected/data/sqlite.db
- protected/data/sqlite3.db
- protected/data/database.db
- protected/data/production.db
- db/database.db
- db/database.sqlite
- app/Model/app.db
- app/Model/sqlite.db
- app/Model/sqlite3.db
- app/Model/database.db
- app/Model/production.db
- app.db
- sqlite3.db
- app.sqlite
- app.sqlite3
- database.db
- database.sqlite
- database.sqlite3
- production.db
- production.sqlite
- production.sqlite3
- db/db.sqlite
- db/db.sqlite3
- db/sqlite.db
- db/sqlite3.db
- db/app.db
- db/app.sqlite
- db/app.sqlite3
- db/database.sqlite3
- db/production.db
- db/production.sqlite
- app/db.sqlite
- app/db.sqlite3
- app/sqlite3.db
- app/app.db
- app/app.sqlite
- app/app.sqlite3
- app/database.db
- app/database.sqlite3
- app/production.db
- app/production.sqlite
- app/production.sqlite3
- data/db.sqlite
- data/db.sqlite3
- data/app.sqlite
- data/app.sqlite3
- data/database.sqlite
- data/database.sqlite3
- data/production.sqlite
- data/production.sqlite3
- database/db.sqlite
- database/db.sqlite3
- database/sqlite.db
- database/sqlite3.db
- database/app.db
- database/app.sqlite
- database/app.sqlite3
- database/database.db
- database/database.sqlite3
stop-at-first-match: true
matchers:
- type: dsl
dsl:
2024-03-20 04:03:12 +00:00
- 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}"
- 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table
- '!contains(body, "<html")'
- 'status_code == 200'
condition: and
# digest: 490a004630440220728da4c91b324676a73b87b97a0fcd85c177c937f1bfb66fb76fa58a5656a55a02201688370ad836347fbdf7a761ab9090f37a601fb7fd1da97220f82b981fb79477:922c64590222798bb761d5b6d8e72950