By kannthu
The "Angular JSON File Exposure" module is designed to detect misconfigurations in Angular applications that may expose sensitive JSON files. It specifically targets the angular.json and angular-cli.json files, which contain configuration settings for Angular projects.
This module has an informative severity level: its findings provide information about potential vulnerabilities but do not indicate an immediate threat.
This module was authored by DhiyaneshDk.
If the "Angular JSON File Exposure" module detects a misconfiguration, it indicates that the Angular application may be exposing sensitive JSON files. This could potentially lead to unauthorized access to sensitive information or configuration details.
The "Angular JSON File Exposure" module works by sending HTTP requests to specific paths where the angular.json and angular-cli.json files are commonly located. It then applies matching conditions to determine if the files are exposed and if the response meets the expected criteria.
For example, one of the HTTP requests sent by this module could be:
GET /.angular-cli.json
The module applies the following matching conditions:
- The response body must contain the words "root": and "config":
- The response header must include the word "application/json"
- The response status code must be 200
If all the matching conditions are met, the module reports a potential misconfiguration.
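The three matching conditions above, applied to an already-captured response so a team can see which condition a given response passes or fails. This is an added example, not Vidoc's or the module author's code; the function names and sample responses are constructed, and the case-insensitive header comparison is an assumption.

```python
# Added example: the module's three matching conditions applied to an
# already-captured response. Names and sample responses are constructed.

REQUIRED_WORDS = ('"root":', '"config":')  # body words listed on the page


def evaluate(status, headers, body):
    """Return the result of each matching condition separately."""
    # Assumption: header text is compared case-insensitively.
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return {
        "status_200": status == 200,
        "json_header": "application/json" in header_text,
        "body_words": all(word in body for word in REQUIRED_WORDS),
    }


def is_exposed(status, headers, body):
    """A finding is reported only when every condition is met."""
    return all(evaluate(status, headers, body).values())


# Constructed samples: an exposed config file, a single-page-app fallback
# that answers 200 with index.html, and a JSON 404 error body.
EXPOSED = (
    200,
    {"Content-Type": "application/json; charset=utf-8"},
    '{"apps": [{"root": "src", "outDir": "dist"}],'
    ' "test": {"karma": {"config": "./karma.conf.js"}}}',
)
SPA_FALLBACK = (200, {"Content-Type": "text/html"}, "<!doctype html><app-root></app-root>")
JSON_404 = (404, {"content-type": "application/json"}, '{"error": "not found"}')

if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("spa", SPA_FALLBACK), ("404", JSON_404)]:
        print(name, is_exposed(*sample), evaluate(*sample))
```

The single-page-app fallback sample shows why the status code alone is not enough: a server that answers every unknown path with 200 and index.html fails the header and body conditions, so no finding is reported.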