Father
Professional
- Messages
- 2,602
- Reaction score
- 852
- Points
- 113
Pentesting a Drupal-based web application? Try to unload information for all installed modules. This information can point you to various files containing confidential information.
Get information about installed modules:
Load content from the files obtained in the previous step, for example:
Get information about installed modules:
Code:
curl https://example.com/config/sync/core.extension.yml
curl https://example.com/core/core.services.ymlLoad content from the files obtained in the previous step, for example:
Code:
curl https://example.com/config/sync/swiftmailer.transport.yml
