ASP.NET Debugging Enabled

By kannthu

Informative
Vidoc Module
#debug
Description

What is "ASP.NET Debugging Enabled"?

The "ASP.NET Debugging Enabled" module is designed to detect misconfigurations related to ASP.NET debugging. It targets websites built on the ASP.NET framework and checks if the debugging mode is enabled. This module has an informative severity level and was authored by dhiyaneshDk.

Impact

If ASP.NET debugging is enabled on a production website, it can pose a security risk. Debugging mode provides detailed error information, which can potentially expose sensitive data and aid attackers in identifying vulnerabilities or exploiting the system.

How does the module work?

The module works by sending an HTTP request to the target website with the following template:

DEBUG /Foobar-debug.aspx HTTP/1.1
Host: {%Hostname%}
Command: stop-debug
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 2

The module then applies the following matching conditions:

- The response status must be 200.
- The response body must contain the word "OK".
- The response header must contain the word "Content-Length: 2".

If all the matching conditions are met, the module reports a vulnerability related to ASP.NET debugging being enabled.
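
The three matching conditions above, applied to raw HTTP responses, as an added example that is not Vidoc's or the module author's code. The sample responses are constructed, and strict_match is a hypothetical stricter check for triaging a finding: because the word conditions are substring checks, a header such as "Content-Length: 24" also satisfies the third one.

```python
# Added example: the module's matching conditions evaluated offline.
# All sample responses below are constructed for illustration.

def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, header_text, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    header_text = head.decode("iso-8859-1")
    parts = header_text.split("\r\n", 1)[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return status, header_text, body.decode("iso-8859-1")

def module_match(raw: bytes) -> bool:
    """Conditions as the page lists them: status 200 AND body contains "OK"
    AND header contains "Content-Length: 2" (both are substring checks)."""
    status, header_text, body = split_response(raw)
    return status == 200 and "OK" in body and "Content-Length: 2" in header_text

def strict_match(raw: bytes) -> bool:
    """Assumed stricter triage check (not the module's own logic):
    Content-Length is exactly 2 and the body is exactly "OK"."""
    status, header_text, body = split_response(raw)
    headers = {}
    for line in header_text.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status == 200 and headers.get("content-length") == "2" and body == "OK"

# Constructed: the response shape the module is looking for.
DEBUG_ON = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 2\r\n\r\nOK"
# Constructed: a server that rejects the request.
DEBUG_OFF = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 9\r\n\r\nForbidden"
# Constructed: a catch-all page that answers 200 to any path with a 24-byte body.
_BODY = b"<p>Status: OK (home)</p>"
CATCH_ALL = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(_BODY) + _BODY

if __name__ == "__main__":
    for name, raw in [("debug on", DEBUG_ON), ("debug off", DEBUG_OFF),
                      ("catch-all", CATCH_ALL)]:
        print(f"{name:10} module={module_match(raw)} strict={strict_match(raw)}")
```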

Reference

- https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled

Metadata

max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
status: 200 and
word: OK and
word: Content-Length: 2
Passive global matcher
No matching conditions.
On match action
Report vulnerability