By kannthu
The "Drupal JSON:API User Listing" module detects misconfigurations in Drupal websites that use the JSON:API module. It targets the Drupal software and aims to identify potential vulnerabilities or exposure related to user listing functionality. It has a medium severity level and was authored by lixts.
This module helps identify any misconfigurations or vulnerabilities related to the user listing functionality in Drupal websites that use the JSON:API module. By detecting these issues, website administrators can take appropriate actions to secure their websites and protect user data.
The "Drupal JSON:API User Listing" module works by sending HTTP requests to the "/jsonapi/user/user" endpoint of the targeted Drupal website. It then applies matching conditions to the responses received to determine if any misconfigurations or vulnerabilities exist.
One example of a matching condition used by this module is a regular expression that looks for the presence of a JSON object with the key "display_name" and a corresponding value. Additionally, the module checks if the HTTP response status is 200, indicating a successful request.
By analyzing the responses and matching conditions, the module can identify any potential misconfigurations or vulnerabilities related to the user listing functionality in Drupal websites using the JSON:API module.
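The two matching conditions described above can be replayed offline against stored responses from your own site. The following is an added example, not the module's own code: the regular expression is an assumed form of the "display_name" matcher, the helper names are hypothetical, and the sample responses are constructed. It also counts which user attributes actually carry values, so an administrator can see what a matched response exposes.

```python
import json
import re

# Assumption: the page only says the regex looks for a "display_name" key
# with a value; this exact pattern is illustrative.
DISPLAY_NAME_RE = re.compile(r'"display_name"\s*:\s*"[^"]+"')

def matches_user_listing(status, body):
    """Both conditions from the page: HTTP 200 and a display_name key/value."""
    return status == 200 and bool(DISPLAY_NAME_RE.search(body))

def exposed_attributes(body):
    """Count, per attribute name, the user records carrying a non-empty value."""
    try:
        doc = json.loads(body)
    except ValueError:
        return {}
    records = doc.get("data", []) if isinstance(doc, dict) else []
    if isinstance(records, dict):  # JSON:API also allows a single resource object
        records = [records]
    counts = {}
    for rec in records:
        attrs = rec.get("attributes") if isinstance(rec, dict) else None
        if not isinstance(attrs, dict):
            continue
        for name, value in attrs.items():
            if value not in (None, "", [], {}):
                counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed responses for GET /jsonapi/user/user (not captured from a real site).
SAMPLES = {
    "listing": (200, json.dumps({"data": [
        {"type": "user--user", "id": "placeholder-uuid-1",
         "attributes": {"display_name": "admin", "mail": None}},
        {"type": "user--user", "id": "placeholder-uuid-2",
         "attributes": {"display_name": "editor1"}}]})),
    "empty": (200, json.dumps({"data": [], "links": {}})),
    "forbidden": (403, json.dumps({"errors": [{"status": "403"}]})),
    "html": (200, "<html><body>Page not found</body></html>"),
}

def review(samples):
    """Return {name: (matched, attribute_counts)} for each stored response."""
    out = {}
    for name, (status, body) in samples.items():
        hit = matches_user_listing(status, body)
        out[name] = (hit, exposed_attributes(body) if hit else {})
    return out

if __name__ == "__main__":
    for name, result in review(SAMPLES).items():
        print(name, result)
```

A 200 response with an empty "data" array or a non-JSON body does not match, which is why the module requires both the status and the body condition.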
For more information, you can refer to the Drupal.org project page.
Metadata: verified: true