How this template works
API Selection
The template uses API selection filters to pick APIs whose response code falls in the desired range (between 200 and 299) and to extract the URL into the "urlVar" variable.
Execute request
The template executes a single request by modifying the URL with the paths specified in the "urlPaths" word list. The modified URLs are used to check for the presence of the MongoDB credentials file.
Validation
The template validates the response by checking if the response code is equal to 200, if the response payload contains specific keywords related to MongoDB credentials, and if the response headers contain the value "application/json". If all validation conditions are met, the vulnerability is considered to be present.
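The three validation conditions can be reproduced when triaging a finding from this test. The Python sketch below is an added example, not the template's own code; the keyword list, the all-keywords rule, the function names and the sample responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the page does not list the keywords; these are placeholders.
ASSUMED_KEYWORDS = ("mongodb", "password")


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def selected(resp: Response) -> bool:
    """API selection filter: response code between 200 and 299."""
    return 200 <= resp.status <= 299


def failed_checks(resp: Response, keywords=ASSUMED_KEYWORDS) -> list:
    """Return the names of the validation conditions the response fails."""
    failed = []
    if resp.status != 200:
        failed.append("response_code")
    body = resp.body.lower()
    # Assumption: every keyword must appear (the page does not say any vs. all).
    if not all(k.lower() in body for k in keywords):
        failed.append("response_payload")
    # Header values vary in case and may carry parameters such as a charset.
    if not any("application/json" in str(v).lower() for v in resp.headers.values()):
        failed.append("response_headers")
    return failed


def is_exposed(resp: Response, keywords=ASSUMED_KEYWORDS) -> bool:
    """The finding is reported only when all three conditions hold."""
    return not failed_checks(resp, keywords)


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "credentials file served": Response(200, {"Content-Type": "application/json; charset=utf-8"}, '{"mongodb": {"user": "app", "password": "REDACTED"}}'),
    "soft-404 HTML page": Response(200, {"Content-Type": "text/html"}, "<h1>Not found</h1><p>mongodb password reset docs</p>"),
    "unrelated JSON": Response(200, {"content-type": "application/json"}, '{"status": "ok"}'),
    "no content": Response(204, {"Content-Type": "application/json"}, ""),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name}: exposed={is_exposed(resp)} failed={failed_checks(resp)}")
```

The soft-404 sample shows why the header condition matters: an HTML error page that returns 200 and happens to mention the keywords is not reported.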