Hello. Today I'll explain how I found multiple vulnerabilities on a web app that used the Symfony web framework with the Symfony profiler/debug mode enabled.

**Understanding the Symfony profiler & Debug component**

The Symfony web framework has a feature called the Symfony Profiler. This profiler component can only be used when debug mode is enabled (twist). The Symfony framework is quite secure by default, but enabling debug mode makes it extremely vulnerable: the Symfony web profiler component exposes sensitive information about the web application.

**Why do devs enable the Debug component?**

The Debug component provides tools that ease debugging PHP code. Symfony provides three environments by default, called dev, test, and prod. Symfony strongly recommends disabling the profiler tools in the production environment.

**How I found the vulns (step by step)**

Let's assume the target site is https://test.com. The bug was on a subdomain.

First, check which web technologies the site uses, with Wappalyzer.

Then I proceeded to FFUF and fuzzed the target. I found an interesting file, "app_dev.php", which indicates that Symfony debug mode might be enabled.

Let's check it in the browser. When I browsed to "https://sub.test.com/app_dev.php", I found that debug mode was enabled and got a profiler token to access the Symfony Profiler. I also got the phpinfo file location.

Until now, the severity of my findings was Medium. I knew the Symfony debug toolbar allows reading files that could

So I found an endpoint, app/config/parameters.yml. The Symfony version was 3.4. The file contains the mail server and database credentials.

**Impact**

The impact of exposed credentials has a wide range of consequences, because those credentials can be used in data breaches.
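From the defender's side, the walkthrough above (a request to app_dev.php, then profiler and phpinfo pages, then the parameters file) is a recognisable pattern in the web server's access log. The following script is an added example, not code from the original post: it parses combined-format access-log lines and flags requests that touch Symfony debug artifacts, separating paths that were merely probed from paths that actually answered 2xx. The app_dev.php and app/config/parameters.yml paths come from the post; the /_profiler and /_wdt prefixes are the standard routes of the Symfony profiler and debug toolbar, and the log lines are constructed sample data.

```python
import re
from collections import Counter

# Paths that are only reachable when Symfony's dev front controller, profiler or
# debug toolbar is exposed. app_dev.php and parameters.yml are from the write-up;
# /_profiler and /_wdt are Symfony's default profiler/toolbar route prefixes.
DEBUG_PATTERNS = [
    ("dev_front_controller", re.compile(r"/app_dev\.php")),
    ("profiler", re.compile(r"/_profiler(/|$|\?)")),
    ("debug_toolbar", re.compile(r"/_wdt(/|$|\?)")),
    ("parameters_yml", re.compile(r"app/config/parameters\.yml")),
    ("phpinfo", re.compile(r"phpinfo", re.IGNORECASE)),
]

# Apache/nginx combined log format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path):
    """Return the labels of every debug artifact a request path matches."""
    return [label for label, rx in DEBUG_PATTERNS if rx.search(path)]


def find_debug_access(lines):
    """Collect (ip, path, status, labels) for each request to a debug artifact.

    A 2xx on one of these paths means the artifact is really reachable, which is
    the condition the write-up describes; a 403/404 shows the request was
    blocked but the endpoint is still being looked for.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the whole scan
        labels = classify(rec["path"])
        if labels:
            hits.append((rec["ip"], rec["path"], int(rec["status"]), labels))
    return hits


def summarize(hits):
    """Count probed and actually reachable (2xx) debug endpoints per source IP."""
    probed, reachable = Counter(), Counter()
    for ip, _path, status, _labels in hits:
        probed[ip] += 1
        if 200 <= status < 300:
            reachable[ip] += 1
    return {"probed": dict(probed), "reachable": dict(reachable)}


# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /app_dev.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /app_dev.php/_profiler/latest HTTP/1.1" 200 9981 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php/login HTTP/1.1" 200 2210 "-" "curl/7.88.1"',
    '198.51.100.20 - - [10/Oct/2023:13:56:05 +0000] "GET /phpinfo.php HTTP/1.1" 200 70412 "-" "curl/7.88.1"',
    '203.0.113.7 - - [10/Oct/2023:13:56:12 +0000] "GET /app/config/parameters.yml HTTP/1.1" 403 312 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:03 +0000] "GET /_wdt/latest HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    "garbage line that is not an access-log record",
]

if __name__ == "__main__":
    found = find_debug_access(SAMPLE_LOG)
    for ip, path, status, labels in found:
        print(f"{ip:15} {status} {path}  <- {', '.join(labels)}")
    print(summarize(found))
```

Run it against a real access log with `find_debug_access(open("access.log"))`; any non-empty `reachable` entry means a debug endpoint answered successfully in production and the front controller or profiler should be removed, not just rate-limited.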
**Mitigation**

Disable debug mode by setting APP_DEBUG to false. Debug mode should be disabled in the production environment.
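The APP_DEBUG setting above lives in the `.env` file of Symfony 4+ / Flex applications, whereas a Symfony 3.4 app like the one in the post is in debug mode whenever the `web/app_dev.php` front controller is deployed at all. The following pre-release check is an added example, not the post's or Symfony's own code: it reads a `.env`-style text, requires `APP_ENV=prod` and an explicit `APP_DEBUG=0`, and rejects a release that ships the dev front controllers or a phpinfo page. The weak and hardened configurations at the bottom are constructed sample input; `web/config.php` is the other dev-only entry point of the Symfony Standard Edition, and `phpinfo.php` is a conventional name used here as an assumption.

```python
# Symfony 3.x Standard Edition dev-only front controllers; neither belongs in production.
DEV_FRONT_CONTROLLERS = {"web/app_dev.php", "web/config.php"}
# Conventional phpinfo file names (assumption: adjust to your deployment's naming).
PHPINFO_NAMES = {"phpinfo.php"}
TRUTHY = {"1", "true", "yes", "on"}


def parse_dotenv(text):
    """Minimal KEY=VALUE parser for a .env file; comments and blank lines are ignored."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def audit_release(env_text, deployed_files):
    """Return a list of findings for a release candidate; empty means safe to ship.

    Checks both ways debug mode can be switched on: the APP_DEBUG/APP_ENV
    variables (Symfony 4+) and the presence of dev front controllers or a
    phpinfo page among the deployed files (Symfony 3.x and plain PHP).
    """
    findings = []
    env = parse_dotenv(env_text)

    app_env = env.get("APP_ENV")
    if app_env != "prod":
        findings.append(f"APP_ENV must be 'prod' in production (got {app_env!r})")

    debug = env.get("APP_DEBUG")
    if debug is None or debug.lower() in TRUTHY:
        findings.append(f"APP_DEBUG must be explicitly 0 in production (got {debug!r})")

    for path in deployed_files:
        norm = path.replace("\\", "/").lstrip("./")
        if norm in DEV_FRONT_CONTROLLERS:
            findings.append(f"dev front controller shipped: {path}")
        elif norm.rsplit("/", 1)[-1] in PHPINFO_NAMES:
            findings.append(f"phpinfo page shipped: {path}")
    return findings


# Constructed sample input: the weak configuration from the write-up's scenario
# (debug mode and dev front controller live on a public host) and its hardened form.
WEAK_ENV = "APP_ENV=dev\nAPP_DEBUG=1\n"
WEAK_FILES = ["web/app.php", "web/app_dev.php", "web/config.php", "web/phpinfo.php"]

HARDENED_ENV = "APP_ENV=prod\nAPP_DEBUG=0\n"
HARDENED_FILES = ["web/app.php"]

if __name__ == "__main__":
    for name, env_text, files in (("weak", WEAK_ENV, WEAK_FILES),
                                  ("hardened", HARDENED_ENV, HARDENED_FILES)):
        problems = audit_release(env_text, files)
        print(f"{name}: {'OK' if not problems else 'BLOCKED'}")
        for p in problems:
            print("  -", p)
```

Wire `audit_release` into the deployment pipeline so that a non-empty result fails the build; a missing APP_DEBUG is deliberately treated as a finding, because "not configured" is how debug mode ends up enabled by accident.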