2023-10-07 19:46:02 +00:00
|
|
|
id: devexpress-detect
|
|
|
|
|
|
|
|
|
|
info:
|
2024-05-22 09:17:11 +00:00
|
|
|
name: DevExpress - Detect
|
2023-10-07 19:46:02 +00:00
|
|
|
author: CravateRouge
|
|
|
|
|
severity: info
|
2024-05-22 09:17:11 +00:00
|
|
|
description: |
|
|
|
|
|
Detect DevExpress based on the existence of its HTTP handler for serving images, scripts, and other resources to the client side.
|
2024-05-22 09:10:28 +00:00
|
|
|
reference:
|
|
|
|
|
- https://github.com/DevExpress/aspnet-security-bestpractices/blob/master/SecurityBestPractices.WebForms/README.md#53-information-exposure-through-source-code
|
|
|
|
|
- https://supportcenter.devexpress.com/ticket/details/q311748/dxr-axd-what-is-it-and-how-to-disable-it
|
2024-05-22 09:17:11 +00:00
|
|
|
metadata:
|
|
|
|
|
max-request: 1
|
|
|
|
|
shodan-query: html:"DXR.axd"
|
2023-10-07 19:46:02 +00:00
|
|
|
tags: devexpress,iis,microsoft,asp,tech
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}"
|
|
|
|
|
|
|
|
|
|
redirects: true
|
|
|
|
|
max-redirects: 2
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
part: body
|
|
|
|
|
words:
|
2023-10-14 11:27:55 +00:00
|
|
|
- "DXR.axd"
|
2024-05-23 05:42:28 +00:00
|
|
|
# digest: 4a0a00473045022100e6b541bb707f808e2619e24fee2f542be9a9cbd19eb02851ba751615a5021d88022068d3b18cffac63e834595feb95fef57ed70a2bcd4b9ff6f29df6d6878426b6a1:922c64590222798bb761d5b6d8e72950
|
