Get Access Token Json

By kannthu

Low
Vidoc Module
#exposure #files
Description

What is the "Get Access Token Json?" module?

The "Get Access Token Json" module is a test case designed to detect misconfigurations or vulnerabilities related to the retrieval of access tokens. It targets installations in which a JSON file used for obtaining access tokens (the Constant Contact SDK test fixture reached through the request path shown below) is publicly readable. The severity of this module is classified as low, indicating that the potential impact of any detected issues is relatively minor. The original author of this module is DhiyaneshDK.

Impact

This module aims to identify any misconfigurations or vulnerabilities related to the retrieval of access tokens. An access-token file that is readable by anyone could lead to unauthorized access or otherwise weaken the security measures that depend on that token. It is important to address any detected issues promptly to ensure the integrity and confidentiality of the access token system.

How does the module work?

The "Get Access Token Json" module operates by sending HTTP requests and evaluating the responses based on predefined matching conditions. It searches the response body for the JSON keys "access_token" and "token_type" (both must be present). Additionally, it verifies that the HTTP status code is 200, indicating a successful request.

Here is an example of an HTTP request that the module may send:

GET /wp-content/plugins/constant-contact-forms/vendor/constantcontact/constantcontact/test/Json/Auth/get_access_token.json

The module uses the following matching conditions:

- The response body must contain the keywords "access_token" and "token_type" (both conditions must be met).
- The HTTP status code must be 200.

If these conditions are met, the module will report a potential misconfiguration or vulnerability related to the retrieval of access tokens.
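The matching logic described above, reproduced in Python as an added example (this is not Vidoc's own code); the sample responses are constructed, and the reporting format is an assumption:

```python
import json
from typing import Optional

# Request path the module sends (taken from the module description).
TARGET_PATH = ("/wp-content/plugins/constant-contact-forms/vendor/constantcontact/"
               "constantcontact/test/Json/Auth/get_access_token.json")

# Matching conditions from the module preview: both words must appear (AND-ed), status must be 200.
REQUIRED_WORDS = ('"access_token":', '"token_type":')
REQUIRED_STATUS = 200
SEVERITY = "low"


def matches(status: int, body: str) -> bool:
    """True only when every matching condition holds (word matcher AND status matcher)."""
    return status == REQUIRED_STATUS and all(word in body for word in REQUIRED_WORDS)


def evaluate(status: int, body: str) -> Optional[dict]:
    """Return a finding like the module's 'Report vulnerability' action, or None on no match.

    The finding lists the JSON keys present so a reviewer can see what the exposed file
    reveals without copying the token value itself into findings or logs (assumed format).
    """
    if not matches(status, body):
        return None
    try:
        keys = sorted(json.loads(body).keys())
    except (ValueError, AttributeError):
        keys = []  # substrings matched but the body is not a JSON object
    return {"path": TARGET_PATH, "severity": SEVERITY, "json_keys": keys}


# Constructed sample body mimicking an SDK test fixture (not a real capture).
FIXTURE_BODY = '{"access_token": "EXAMPLE_TOKEN", "expires_in": 1209600, "token_type": "Bearer"}'


def demo() -> list:
    samples = [
        (200, FIXTURE_BODY),             # exposed fixture: match
        (404, FIXTURE_BODY),             # error page echoing the words: status condition fails
        (200, '{"access_token": "x"}'),  # only one keyword: AND condition fails
    ]
    return [evaluate(status, body) for status, body in samples]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```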

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: "access_token":, "token_type": (condition: and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability