Information Disclosure: Exposed settings.php

Identifier: exposed_settings_php

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner
ASM Scanner

Description

settings.php is the main configuration file of a Drupal site (normally sites/default/settings.php). It holds the database connection array ($databases, including the database password), the hash_salt used to sign session and one-time-login tokens, and often other secrets such as Redis or SMTP credentials. Backup or editor copies left next to it (settings.php.bak, settings.php.old, settings.php~) are not routed through the PHP interpreter, so the web server returns their source verbatim to anyone who requests the URL. An attacker who reads such a copy obtains working database credentials and the site's secret material, which is usually enough to take over the application and often the database host behind it.

How we test: We request settings.php with common backup and editor suffixes appended (settings.php.bak, settings.php.old, settings.php.orig, settings.php.save, settings.php~, and similar) at the usual Drupal locations. A request that returns HTTP 200 is only reported if the body actually contains configuration data (for example a $databases array or a hash_salt assignment), so that catch-all "200 Not Found" pages and empty files are not flagged. The unsuffixed settings.php is not a target of this test: it is executed by PHP and produces no output, which is exactly why the leak only happens through the static backup copies.

Configuration

Example

Example configuration:

---
security_tests:
  exposed_settings_php:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.