
ArcGIS Exposed Docs

By kannthu

Informative
Vidoc Module
#api #arcgis #cms
Description

What is the "ArcGIS Exposed Docs" module?

The "ArcGIS Exposed Docs" module is a test case designed to detect misconfigurations in ArcGIS software. It targets the ArcGIS REST API and aims to identify exposed ArcGIS documents. This module has an informative severity level.

Impact

The module helps identify misconfigurations in ArcGIS software, which can potentially expose sensitive documents and data. By detecting these vulnerabilities, organizations can take necessary steps to secure their ArcGIS installations and prevent unauthorized access to sensitive information.

How does the module work?

The "ArcGIS Exposed Docs" module works by sending HTTP requests to the ArcGIS REST API and analyzing the responses. It uses the following matching conditions:

- Matcher 1: The response must contain the phrase "ArcGIS REST API".
- Matcher 2: The response status code must be 200 (OK).

If both matching conditions are met, the module considers the target as potentially exposing ArcGIS documents.

Here is an example of an HTTP request sent by the module:

GET /server/sdk/rest/index.html

The module checks if the response contains the phrase "ArcGIS REST API" and if the response status code is 200. If these conditions are satisfied, the module reports a potential vulnerability.
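The two matchers described above, applied to a response from a server you administer, as an added example (this is not Vidoc's module code). The names `matches`, `check_host` and `triage_samples` and the sample responses are constructed here; case-sensitive substring matching and not following redirects are assumptions, since the page does not say how the module handles either.

```python
import urllib.error
import urllib.request

DOCS_PATH = "/server/sdk/rest/index.html"   # request path shown on the page
MATCH_WORD = "ArcGIS REST API"              # Matcher 1 (word)
MATCH_STATUS = 200                          # Matcher 2 (status)


def matches(status: int, body: str) -> bool:
    """Both conditions must hold (the module preview joins them with 'and')."""
    return status == MATCH_STATUS and MATCH_WORD in body


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Assumption: redirects are not followed, so a 302 to a login page is
    # scored as a 302 and not as the 200 of the page it points to.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_host(base_url: str, timeout: float = 10.0) -> dict:
    """Request the docs path on a server you operate and apply both matchers."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + DOCS_PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(1_000_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # non-2xx answers still carry a body
        status, body = err.code, err.read(1_000_000).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as err:
        return {"url": url, "exposed": False, "error": str(err)}
    return {"url": url, "status": status, "exposed": matches(status, body)}


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "docs served": (200, "<title>ArcGIS REST API</title>"),
    "access denied": (403, "<h1>ArcGIS REST API</h1> Forbidden"),
    "soft 404": (200, "<h1>Page not found</h1>"),
    "redirect to login": (302, ""),
}


def triage_samples() -> dict:
    """Apply both matchers to every constructed sample."""
    return {name: matches(s, b) for name, (s, b) in SAMPLES.items()}
```

Only the first sample satisfies both matchers; the other three show why each condition alone is not enough to report a finding.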

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /server/sdk/rest/ind...
Matching conditions
word: ArcGIS REST API
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability