By kannthu
The "JsAPI Ticket Json" module is designed to detect misconfigurations in the JsAPI ticket JSON file. JsAPI is software that provides JavaScript API access to various functionalities. This module focuses on identifying vulnerabilities related to the exposure of sensitive information in the JsAPI ticket JSON file.
This module has a low severity level, indicating that the potential impact of the identified misconfigurations or vulnerabilities is relatively limited.
Author: DhiyaneshDK
If misconfigurations or vulnerabilities are found in the JsAPI ticket JSON file, sensitive information could be exposed, such as the expiration time and the JsAPI ticket itself. Malicious actors could exploit this information to gain unauthorized access or perform other malicious activities.
The "JsAPI Ticket Json" module works by sending a GET request to the "/jsapi_ticket.json" path. It then applies matching conditions to determine if the response contains specific keywords, such as "expire_time" and "jsapi_ticket," and if the response status is 200 (OK).
Example HTTP request:
GET /jsapi_ticket.json
The module matches the response against the following conditions:
- The response must contain both "expire_time" and "jsapi_ticket" keywords.
- The response status must be 200 (OK).

If these conditions are met, the module will report a vulnerability related to the exposure of sensitive information in the JsAPI ticket JSON file.
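The following is an added example, not the module's own code: it applies the two matching conditions above to a response, adds a stricter JSON check for triaging hits, and audits a directory you serve for the file. The function names, the stricter check, the sample bodies and the idea of walking a web root are assumptions made for this illustration.

```python
import json
import os

KEYWORDS = ("expire_time", "jsapi_ticket")  # the two keywords named on this page

# Constructed sample bodies (not real tickets).
SAMPLE_EXPOSED = '{"expire_time": 1700000000, "jsapi_ticket": "CONSTRUCTED-TICKET"}'
SAMPLE_DOCS = "<html>Our docs mention expire_time and jsapi_ticket fields.</html>"


def module_would_match(status, body):
    """The page's conditions: status 200 and both keywords present in the body."""
    return status == 200 and all(k in body for k in KEYWORDS)


def confirmed_exposure(status, body):
    """Stricter triage (assumption, not part of the module): the body must be
    a JSON object whose two fields are present and non-empty."""
    if not module_would_match(status, body):
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and all(doc.get(k) not in (None, "") for k in KEYWORDS)


def audit_webroot(root):
    """List jsapi_ticket.json files under a served directory that hold both fields."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if "jsapi_ticket.json" in files:
            path = os.path.join(dirpath, "jsapi_ticket.json")
            with open(path, encoding="utf-8", errors="replace") as fh:
                if confirmed_exposure(200, fh.read()):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for status, body in [(200, SAMPLE_EXPOSED), (200, SAMPLE_DOCS), (404, SAMPLE_EXPOSED)]:
        print(status, module_would_match(status, body), confirmed_exposure(status, body))
    print(audit_webroot("."))  # run from the directory your web server serves
```

A keyword-only match also fires on any 200 page that merely mentions both strings, which is why the second function parses the body before a hit is treated as a real exposure.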
Reference: https://www.exploit-db.com/ghdb/6070
Metadata:
- Verified: true
- Google query: intitle:"index of" "jsapi_ticket.json"