Skip to content

Sensitive Data: Fanwei OA E-Office - Information Disclosure

Identifier: ecology_mysql_config

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Fanwei E-Office mysql_config.ini files can be directly accessed, potentially leaking database account passwords and other sensitive configuration information.

How we test: We test for exposed MySQL configuration files in Fanwei E-Office by attempting to access mysql_config.ini files and analyzing responses to detect if database credentials and configuration details are exposed.

Configuration

Example

Example configuration:

---
security_tests:
  ecology_mysql_config:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.