Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ELMAH Exposure

By kannthu

Medium
Vidoc logoVidoc Module
#logs#elmah#exposure
Description

What is the "ELMAH Exposure?" module?

The "ELMAH Exposure" module is designed to detect the presence of ELMAH (Error Logging Modules and Handlers) in an ASP.NET web application. ELMAH is an application-wide error logging facility that can be added dynamically to a running ASP.NET web application without the need for re-compilation. This module targets the ELMAH error log page and checks for the presence of the phrase "Error Log for" in the response body, along with a 200 status code. The severity of this module is classified as medium.

This module was authored by shine and idealphase.

Impact

If the "ELMAH Exposure" module detects the presence of ELMAH, it indicates that the error log page is exposed and accessible to potential attackers. This can potentially lead to the exposure of sensitive information, such as error details, stack traces, and potentially other sensitive data that may be logged by ELMAH.

How does the module work?

The "ELMAH Exposure" module sends HTTP GET requests to the following paths: "/elmah" and "/elmah.axd". It then checks the response body for the presence of the phrase "Error Log for" and verifies that the response status code is 200. If both conditions are met, the module considers the ELMAH error log page to be exposed.

Here is an example of an HTTP request sent by the module:

GET /elmah HTTP/1.1
Host: example.com

The module uses two matching conditions:

- Matcher 1: It checks if the phrase "Error Log for" is present in the response body. - Matcher 2: It verifies that the response status code is 200.

If both matching conditions are satisfied, the module reports a vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/elmah/elmah.axd
Matching conditions
word: Error Log forand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability