41 lines
1.6 KiB
YAML
41 lines
1.6 KiB
YAML
id: aspnetcore-dev-env
|
|
|
|
info:
|
|
name: ASP.NET Core Development Environment - Exposure
|
|
author: Mys7ic
|
|
severity: info
|
|
description: |
|
|
The ASP.NET Core application is running in Development mode, which could exposes detailed error messages and stack traces on the '/Error' page.
|
|
impact: |
|
|
Exposing detailed error messages and stack traces can reveal sensitive information such as server configurations, file paths, source code snippets, and other debug information. Attackers can use this information to identify vulnerabilities and compromise the application or underlying systems.
|
|
remediation: |
|
|
Set the 'ASPNETCORE_ENVIRONMENT' environment variable to 'Production' and ensure that detailed error messages are not exposed to end-users.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments
|
|
metadata:
|
|
max-request: 1
|
|
vendor: microsoft
|
|
product: asp.net-core
|
|
shodan-query: html:"ASPNETCORE_ENVIRONMENT"
|
|
verified: true
|
|
tags: misconfig,aspnetcore,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/Error"
|
|
|
|
matchers-condition: or
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "ASPNETCORE_ENVIRONMENT"
|
|
- "<environment include=\"Development\">"
|
|
condition: and
|
|
# digest: 490a0046304402202067b5f6070703eaccb234d9fadb99bbfd78c2791b0073c494f498788060e8c00220755457d24f6d89d0f60a1cb5227c29412c43da39da4fb7c53c17460ecd6b2f81:922c64590222798bb761d5b6d8e72950 |