nuclei-templates/http/misconfiguration/node-express-dev-env.yaml

47 lines
1.4 KiB
YAML
Raw Normal View History

2024-01-30 08:44:14 +00:00
id: node-express-dev-env
info:
2024-01-30 08:44:14 +00:00
name: Node.js Express NODE_ENV Development Mode
author: FLX
severity: medium
2024-01-30 09:54:28 +00:00
description: |
The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.
reference:
- https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/express-development-mode-is-enabled/
- https://www.synopsys.com/blogs/software-security/nodejs-mean-stack-vulnerabilities.html
metadata:
max-request: 2
verified: true
shodan-query: "X-Powered-By: Express"
2024-01-30 09:53:48 +00:00
tags: nodejs,express,misconfig,devops,cicd,trace
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
internal: true
dsl:
- "contains(tolower(all_headers), 'x-powered-by: express')"
- raw:
- |
2024-01-30 08:44:14 +00:00
GET / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
Connection: close
t
2024-01-30 08:44:14 +00:00
matchers:
- type: dsl
dsl:
2024-01-30 08:44:14 +00:00
- "status_code==400"
- "contains(body, 'SyntaxError: Unexpected token')"
- "contains(tolower(all_headers), 'x-powered-by: express')"
condition: and
# digest: 4a0a00473045022100d0debb95087af51d1c60b5f8e1135fff6358308570e9fb9618ea54e87a1568e502202d94de6ec99ca826bb5c199ea960e571d6f9d5030885a415efc44f831f393244:922c64590222798bb761d5b6d8e72950