Angular JSON File Exposure

By kannthu

Severity: Informative
Vidoc Module
Tags: #exposure #angularjs #files
Description

What is "Angular JSON File Exposure"?

The "Angular JSON File Exposure" module is designed to detect misconfigurations in Angular applications that may expose sensitive JSON files. It specifically targets the angular.json and angular-cli.json files, which contain configuration settings for Angular projects.

This module has an informative severity level: a match is reported as information about a potential vulnerability and does not by itself indicate an immediate threat.

This module was authored by DhiyaneshDk.

Impact

If the "Angular JSON File Exposure" module detects a misconfiguration, it indicates that the Angular application may be exposing sensitive JSON files. This could potentially lead to unauthorized access to sensitive information or configuration details.

How does the module work?

The "Angular JSON File Exposure" module works by sending HTTP requests to specific paths where the angular.json and angular-cli.json files are commonly located. It then applies matching conditions to determine if the files are exposed and if the response meets the expected criteria.

For example, one of the HTTP requests sent by this module could be:

GET /.angular-cli.json

The module applies the following matching conditions:

- The response body must contain the words "root": and "config":
- The response header must include the word "application/json"
- The response status code must be 200

If all the matching conditions are met, the module reports a potential misconfiguration.
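The three conditions above, evaluated offline against constructed responses, show why they are combined with AND: a single-page-app fallback page or an unrelated JSON endpoint also returns 200 but is not reported. This is an added example, not Vidoc's module code; the function names, the sample responses and the case-sensitive substring matching are assumptions.

```python
# Added example: offline re-implementation of the module's matching conditions.
# Assumption: words are matched as case-sensitive substrings.

BODY_WORDS = ('"root":', '"config":')  # both must appear in the response body
HEADER_WORD = "application/json"       # must appear in the response headers
EXPECTED_STATUS = 200


def evaluate(status, headers, body):
    """Return each condition's result plus the overall AND verdict."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    checks = {
        "body_words": all(word in body for word in BODY_WORDS),
        "header_word": HEADER_WORD in header_text,
        "status": status == EXPECTED_STATUS,
    }
    checks["match"] = all(checks.values())
    return checks


# Constructed sample responses (status, headers, body); not captured traffic.
SAMPLES = {
    # Configuration file served as-is by the web server.
    "exposed": (200, {"Content-Type": "application/json; charset=utf-8"},
                '{"apps": [{"root": "src"}],'
                ' "test": {"karma": {"config": "./karma.conf.js"}}}'),
    # SPA fallback: every unknown path returns index.html with status 200.
    "spa_fallback": (200, {"Content-Type": "text/html"},
                     "<!doctype html><app-root></app-root>"),
    # JSON endpoint that is not an Angular configuration file.
    "unrelated_json": (200, {"Content-Type": "application/json"},
                       '{"status": "ok"}'),
    # Server does not serve the file.
    "blocked": (404, {"Content-Type": "text/html"}, "Not Found"),
}


def report(samples=SAMPLES):
    """Evaluate every sample and return {name: per-condition results}."""
    return {name: evaluate(*response) for name, response in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:15} {result}")
```

Only the first sample satisfies all three conditions; after a deployment change that stops serving these files, the production response should look like the `blocked` case.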

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET
/.angular-cli.json
/angular-cli.json
/angular.json
(+1 paths)
Matching conditions
word: "root":, "config":
and
word: application/json
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability