Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "ASP.NET Debugging Enabled" module is designed to detect misconfigurations related to ASP.NET debugging. It targets websites built on the ASP.NET framework and checks if the debugging mode is enabled. This module has an informative severity level and was authored by dhiyaneshDk.
If ASP.NET debugging is enabled on a production website, it can pose a security risk. Debugging mode provides detailed error information, which can potentially expose sensitive data and aid attackers in identifying vulnerabilities or exploiting the system.
The module works by sending an HTTP request to the target website with the following template:
DEBUG /Foobar-debug.aspx HTTP/1.1
Host: {%Hostname%}
Command: stop-debug
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 2
The module then applies the following matching conditions:
- The response status must be 200. - The response body must contain the word "OK". - The response header must contain the word "Content-Length: 2".If all the matching conditions are met, the module reports a vulnerability related to ASP.NET debugging being enabled.
Reference- https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled
Metadatamax-request: 1