By kannthu
The "ArcGIS Exposed Docs" module is a test case designed to detect misconfigurations in ArcGIS software. It targets the ArcGIS REST API and aims to identify exposed ArcGIS documents. This module has an informative severity level.
The module helps identify misconfigurations in ArcGIS software that can expose sensitive documents and data. By detecting these misconfigurations, organizations can take the necessary steps to secure their ArcGIS installations and prevent unauthorized access to sensitive information.
The "ArcGIS Exposed Docs" module works by sending HTTP requests to the ArcGIS REST API and analyzing the responses. It uses the following matching conditions:
- Matcher 1: The response must contain the phrase "ArcGIS REST API".
- Matcher 2: The response status code must be 200 (OK).

If both matching conditions are met, the module considers the target as potentially exposing ArcGIS documents.
Here is an example of an HTTP request sent by the module:
GET /server/sdk/rest/index.html
The module checks if the response contains the phrase "ArcGIS REST API" and if the response status code is 200. If these conditions are satisfied, the module reports a potential vulnerability.
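The two matching conditions can be checked offline against saved responses when triaging a finding on your own ArcGIS server. The following is an added example, not the Vidoc module's own code; the function names and the sample responses are constructed for illustration, and treating the phrase as an exact, case-sensitive substring is an assumption.

```python
# Added example: applies the module's two matchers to raw HTTP responses.
BODY_PHRASE = "ArcGIS REST API"   # Matcher 1 (exact substring: an assumption)
EXPECTED_STATUS = 200             # Matcher 2


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", "replace")


def evaluate(raw: bytes) -> dict:
    """Run both matchers; the target is flagged only when both hold."""
    status, body = parse_response(raw)
    word_ok = BODY_PHRASE in body
    status_ok = status == EXPECTED_STATUS
    return {"word": word_ok, "status": status_ok, "flagged": word_ok and status_ok}


# Constructed responses to GET /server/sdk/rest/index.html
# (not captured from any real server).
SAMPLES = {
    "docs served": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   b"<html><title>ArcGIS REST API</title></html>",
    "soft 404": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                b"<html><title>Page not found</title></html>",
    "blocked": b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
               b"<html>ArcGIS REST API documentation is restricted</html>",
    "redirect to login": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
}


def run_samples() -> dict:
    """Map each sample name to whether the module would flag it."""
    return {name: evaluate(raw)["flagged"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, flagged in run_samples().items():
        print(f"{name:18} flagged={flagged}")
```

The "soft 404" and "blocked" samples each satisfy only one matcher, so neither is reported; only a 200 response that actually serves the documentation page is flagged.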