Express Stack Trace

By kannthu

Severity: Low
Vidoc Module
#misconfig #express
Description

What is the "Express Stack Trace"?

The "Express Stack Trace" module is designed to detect misconfigurations in applications built with the Express framework. Express is a popular web application framework for Node.js, known for its simplicity and flexibility. This module looks for a misconfiguration in which the application answers with a "NotFoundError: Not Found" error page, and it is rated low severity.

Impact

If misconfigurations are present in an Express application, they can result in unexpected behavior and potential security vulnerabilities. The "Express Stack Trace" module helps identify these misconfigurations, allowing developers to address them and improve the overall security and reliability of their applications.

How does the module work?

The "Express Stack Trace" module works by sending a GET request to a randomly generated path in the target application. It then checks for specific matching conditions to determine if a misconfiguration is present. The matching conditions include:

- Checking if the response body contains the strings "NotFoundError: Not Found" and "at Function.handle".
- Verifying that the response header includes the string "text/html".
- Ensuring that the response status code is 404 (Not Found).

If all of these conditions are met, the module reports a potential misconfiguration in the Express application.
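The three matching conditions above, written out as an added example (not Vidoc's module code) that can be run over responses captured from your own application. The function name, the sample responses and the reading of the header condition as a substring search over all header lines are assumptions.

```javascript
// Added example: re-implements the three matching conditions described above.
// evaluate() and the SAMPLE_* objects are hypothetical names, not Vidoc identifiers.
const BODY_WORDS = ["NotFoundError: Not Found", "at Function.handle"];
const HEADER_WORD = "text/html";

// response: { status: number, headers: { name: value }, body: string }
function evaluate(response) {
  // Assumption: the header condition is a substring search over all header lines.
  const headerText = Object.entries(response.headers || {})
    .map(([name, value]) => `${name}: ${value}`)
    .join("\r\n");
  const checks = {
    bodyWords: BODY_WORDS.every((w) => (response.body || "").includes(w)),
    headerWord: headerText.includes(HEADER_WORD),
    status404: response.status === 404,
  };
  // The conditions are ANDed: every one must hold before anything is reported.
  return { match: Object.values(checks).every(Boolean), checks };
}

// Constructed sample: an HTML 404 page that renders the error's stack trace.
const SAMPLE_LEAKING = {
  status: 404,
  headers: { "Content-Type": "text/html; charset=utf-8" },
  body: "<h1>Not Found</h1><pre>NotFoundError: Not Found\n" +
    "    at /srv/app/app.js:27:8\n" +
    "    at Function.handle (/srv/app/node_modules/express/lib/router/index.js:175:3)</pre>",
};
// Constructed sample: the same 404 with an error page that omits the stack.
const SAMPLE_HARDENED = {
  status: 404,
  headers: { "Content-Type": "text/html; charset=utf-8" },
  body: "<h1>Not Found</h1>",
};
// Constructed sample: a JSON error that still carries a stack but is not HTML.
const SAMPLE_JSON = {
  status: 404,
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ error: "NotFoundError: Not Found\n    at Function.handle (x.js:1:1)" }),
};

for (const [name, sample] of Object.entries({ SAMPLE_LEAKING, SAMPLE_HARDENED, SAMPLE_JSON })) {
  console.log(name, JSON.stringify(evaluate(sample)));
}
```

The JSON sample shows a limit of these conditions: a stack trace returned with a non-HTML content type does not match, so a clean result does not prove that no stack trace is exposed.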

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /{%randTextAlphanume...
Matching conditions
- word: NotFoundError: Not Found, at Function.ha... (and)
- word: text/html (and)
- status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability