2024-09-27 14:50:45 +00:00
id : aspnetcore-dev-env
info :
2024-09-30 07:36:18 +00:00
name : ASP.NET Core Development Environment - Exposure
2024-09-27 14:50:45 +00:00
author : Mys7ic
severity : info
description : |
The ASP.NET Core application is running in Development mode, which could exposes detailed error messages and stack traces on the '/Error' page.
impact : |
2024-09-30 07:36:18 +00:00
Exposing detailed error messages and stack traces can reveal sensitive information such as server configurations, file paths, source code snippets, and other debug information. Attackers can use this information to identify vulnerabilities and compromise the application or underlying systems.
2024-09-27 14:50:45 +00:00
remediation : |
Set the 'ASPNETCORE_ENVIRONMENT' environment variable to 'Production' and ensure that detailed error messages are not exposed to end-users.
reference :
- https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments
metadata :
max-request : 1
2024-09-30 07:36:18 +00:00
vendor : microsoft
product : asp.net-core
shodan-query : html:"ASPNETCORE_ENVIRONMENT"
verified : true
tags : misconfig,aspnetcore,exposure
http :
2024-09-27 14:50:45 +00:00
- method : GET
path :
- "{{BaseURL}}/Error"
2024-09-30 07:36:18 +00:00
2024-09-27 14:50:45 +00:00
matchers-condition : or
matchers :
- type : word
2024-09-30 07:36:18 +00:00
part : body
2024-09-27 14:50:45 +00:00
words :
- "<strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>"
2024-09-30 07:36:18 +00:00
2024-09-27 14:50:45 +00:00
- type : word
2024-09-30 07:36:18 +00:00
part : body
2024-09-27 14:50:45 +00:00
words :
- "ASPNETCORE_ENVIRONMENT"
- "<environment include=\"Development\">"
2024-09-30 07:36:18 +00:00
condition : and
2024-10-05 08:48:37 +00:00
# digest: 490a0046304402202067b5f6070703eaccb234d9fadb99bbfd78c2791b0073c494f498788060e8c00220755457d24f6d89d0f60a1cb5227c29412c43da39da4fb7c53c17460ecd6b2f81:922c64590222798bb761d5b6d8e72950
