By kannthu
The "Golang expvar Information Disclosure" module is designed to detect the presence of an information disclosure vulnerability in Golang applications. This vulnerability can potentially expose sensitive information about the application's internal state, such as memory statistics and command-line arguments. The severity of this vulnerability is classified as low.
This module was authored by luqman.
If the Golang expvar information disclosure vulnerability is present, an attacker may be able to gain insights into the application's internal workings, which could aid in further attacks or exploitation.
The module sends an HTTP GET request to the "/debug/vars" path of the target application. It then applies matching conditions to determine if the vulnerability is present.
The matching conditions for this module are:
- The response body must contain the words "\"memstats\":" and "\"cmdline\":"
- The response status code must be 200

If both conditions are met, the module will report the vulnerability.
Here is an example of the HTTP request sent by the module:
GET /debug/vars
Please note that the actual JSON definitions of the module are not shown here for brevity.
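The following Go program is an added example, not the module's definition or code from its author. It shows where the endpoint comes from (importing expvar registers /debug/vars on http.DefaultServeMux) and applies the module's two matching conditions to three handlers in-process. The names exposesExpvar, publicMux and adminMux are hypothetical.

```go
package main

import (
	"expvar" // side effect of this import: /debug/vars is registered on http.DefaultServeMux
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// exposesExpvar applies the module's matching conditions to an in-process
// GET /debug/vars against h: status 200 and both marker strings in the body.
func exposesExpvar(h http.Handler) bool {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/debug/vars", nil))
	body := rec.Body.String()
	return rec.Code == http.StatusOK &&
		strings.Contains(body, `"memstats":`) &&
		strings.Contains(body, `"cmdline":`)
}

// publicMux (hypothetical) is the externally served router. It is a dedicated
// ServeMux, so the handler expvar put on DefaultServeMux is not reachable here.
func publicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return mux
}

// adminMux (hypothetical) keeps the metrics available on a separate router
// intended for a loopback or management-only listener.
func adminMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/debug/vars", expvar.Handler())
	return mux
}

func main() {
	fmt.Println("DefaultServeMux matches:", exposesExpvar(http.DefaultServeMux))
	fmt.Println("publicMux matches:      ", exposesExpvar(publicMux()))
	fmt.Println("adminMux matches:       ", exposesExpvar(adminMux()))
}
```

Passing a nil handler to http.ListenAndServe selects DefaultServeMux and with it the expvar handler, so serve publicMux on the external listener and bind adminMux only to 127.0.0.1 or a management network.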