ASP.NET Trace.AXD Information Leak

By kannthu

Severity: Low
Vidoc Module
Tags: #logs #asp #exposure
Description

What is the "ASP.NET Trace.AXD Information Leak"?

The "ASP.NET Trace.AXD Information Leak" module is designed to detect a potential information leak vulnerability in ASP.NET applications. This module targets the "Trace.axd" file, which is used for tracing and debugging purposes in ASP.NET applications.

The severity of this vulnerability is classified as low.

This module was authored by dhiyaneshDK.

Impact

If exploited, the "ASP.NET Trace.AXD Information Leak" vulnerability could expose sensitive information about the application, such as stack traces, error messages, and potentially sensitive configuration details. This information could be leveraged by attackers to gain a better understanding of the application's structure and potentially identify additional vulnerabilities.

How does the module work?

The "ASP.NET Trace.AXD Information Leak" module works by sending a GET request to the "/Trace.axd" path of the target application. It then applies two matching conditions to determine if the vulnerability is present:

    - The module checks if the response contains the HTML code "<td><h1>Application Trace</h1></td>". This code indicates the presence of the application trace information, which suggests a potential information leak.
    - The module also checks if the response status code is 200, indicating a successful request. This condition ensures that the target application is accessible and responsive.

If both matching conditions are met, the module reports the vulnerability.
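
The following is an added example, not part of the Vidoc module or the original page: it restates the two matching conditions as a function and pairs them with a configuration audit a defender can run against their own web.config files. The function names and sample configurations are hypothetical; the audit assumes a web.config without an XML namespace and relies on the ASP.NET defaults for the <trace> element (enabled="false", localOnly="true").

```python
import xml.etree.ElementTree as ET

# Marker string taken from the module's word matcher on this page.
TRACE_MARKER = "<td><h1>Application Trace</h1></td>"

def module_would_match(status: int, body: str) -> bool:
    """Both conditions from the module: marker present AND status 200."""
    return status == 200 and TRACE_MARKER in body

def audit_trace_setting(web_config_xml: str) -> list[str]:
    """Classify every <system.web>/<trace> element in a web.config.

    ASP.NET defaults: enabled="false", localOnly="true". Trace.axd is
    served to remote clients only when enabled=true and localOnly=false.
    """
    findings = []
    root = ET.fromstring(web_config_xml)
    # iter() also reaches <system.web> nested inside <location> blocks,
    # and skips the unrelated <system.diagnostics>/<trace> element.
    for system_web in root.iter("system.web"):
        trace = system_web.find("trace")
        if trace is None:
            continue
        enabled = trace.get("enabled", "false").strip().lower() == "true"
        local_only = trace.get("localOnly", "true").strip().lower() == "true"
        if enabled and not local_only:
            findings.append("remote-exposed")
        elif enabled:
            findings.append("local-only")
        else:
            findings.append("disabled")
    return findings

# Constructed sample inputs (not taken from any real application).
EXPOSED = """<configuration>
  <system.diagnostics><trace autoflush="true" /></system.diagnostics>
  <system.web><trace enabled="true" localOnly="false" requestLimit="40" /></system.web>
</configuration>"""
HARDENED = """<configuration>
  <system.web><trace enabled="false" localOnly="true" /></system.web>
</configuration>"""

if __name__ == "__main__":
    print(audit_trace_setting(EXPOSED), audit_trace_setting(HARDENED))
```

A "remote-exposed" result is the configuration under which the module's GET /Trace.axd request would return the trace viewer; "disabled" is the hardened setting.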

Reference:

- https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /Trace.axd
Matching conditions
word: <td><h1>Application Trace</h1></td>
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability