46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
id: node-express-dev-env
|
|
|
|
info:
|
|
name: Node.js Express NODE_ENV Development Mode
|
|
author: FLX
|
|
severity: medium
|
|
description: |
|
|
The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.
|
|
reference:
|
|
- https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/express-development-mode-is-enabled/
|
|
- https://www.synopsys.com/blogs/software-security/nodejs-mean-stack-vulnerabilities.html
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
shodan-query: "X-Powered-By: Express"
|
|
tags: nodejs,express,misconfig,devops,cicd,trace
|
|
flow: http(1) && http(2)
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
internal: true
|
|
dsl:
|
|
- "contains(tolower(all_headers), 'x-powered-by: express')"
|
|
|
|
- raw:
|
|
- |
|
|
GET / HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/json
|
|
Connection: close
|
|
|
|
t
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "status_code==400"
|
|
- "contains(body, 'SyntaxError: Unexpected token')"
|
|
- "contains(tolower(all_headers), 'x-powered-by: express')"
|
|
condition: and
|
|
# digest: 4a0a004730450220761fa1a9c4121ca483493ae0f6a3a69b50db15d187e827a9abf4b50a8572c34a022100f96cde03c354a2eccf0c66b00269bcd75ff853d0d477d46d37e567af15ecc577:922c64590222798bb761d5b6d8e72950 |