mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-04 11:47:01 -07:00
761e570d59
modules/recon/sql-dump-exposure.yaml flags an exposed SQL dump on its mysqldump and pg_dump idioms paired against a guard that drops SQL shown inside an html page, then extracts the dumped table name. modules/recon/sqlite-database-exposure.yaml flags an exposed SQLite file on the 16 byte format magic anchored to the start of the body, then extracts a schema table name. anchoring the magic keeps a page that merely embeds the header from being reported. modules/recon/redis-dump-exposure.yaml flags an exposed Redis RDB snapshot on the RDB magic anchored to the start of the body, then extracts the format version. internal/modules/database_file_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: a SQL tutorial page, a bare select, prose that names the sqlite or redis format, a header embedded mid body, a plain 200 body and a 404, none of which may match. verify: go test ./internal/modules, each matcher, magic anchor, guard and extractor proven to bite (break -> red, restore -> green).
40 lines
847 B
YAML
40 lines
847 B
YAML
# SQLite Database Exposure Detection Module
|
|
|
|
id: sqlite-database-exposure
|
|
info:
|
|
name: SQLite Database Exposure
|
|
author: sif
|
|
severity: high
|
|
description: Detects an exposed SQLite database file that leaks the full application data
|
|
tags: [database, sqlite, laravel, dump, exposure, recon]
|
|
|
|
type: http
|
|
|
|
http:
|
|
method: GET
|
|
paths:
|
|
- "{{BaseURL}}/database.sqlite"
|
|
- "{{BaseURL}}/database.sqlite3"
|
|
- "{{BaseURL}}/db.sqlite3"
|
|
- "{{BaseURL}}/data.db"
|
|
- "{{BaseURL}}/database/database.sqlite"
|
|
- "{{BaseURL}}/storage/database.sqlite"
|
|
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- '^SQLite format 3\x00'
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: table_name
|
|
part: body
|
|
regex:
|
|
- 'CREATE TABLE ["`]?([A-Za-z0-9_]+)'
|
|
group: 1
|