id: symfony-database-config info: name: Symfony Database Configuration File - Detect author: pdteam,geeknik severity: high description: Symfony database configuration file was detected and may contain database credentials. reference: https://symfony.com/legacy/doc/reference/1_3/en/07-Databases classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 tags: config,exposure,symfony metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/config/databases.yml" matchers-condition: and matchers: - type: word part: header words: - "text/html" negative: true - type: status status: - 200 - type: word words: - "class:" - "param:" condition: and part: body # Enhanced by md on 2023/02/23