
JsAPI Ticket Json

By kannthu

Low
Vidoc Module
#exposure #jsapi #files
Description

What is "JsAPI Ticket Json"?

The "JsAPI Ticket Json" module is designed to detect misconfigurations in the JsAPI ticket JSON file. JsAPI is software that provides JavaScript API access to various functionalities. This module focuses on identifying vulnerabilities related to the exposure of sensitive information in the JsAPI ticket JSON file.

This module has a low severity level, indicating that the potential impact of the identified misconfigurations or vulnerabilities is relatively limited.

Author: DhiyaneshDK

Impact

If misconfigurations or vulnerabilities are found in the JsAPI ticket JSON file, sensitive information such as the expiration time and the JsAPI ticket itself could be exposed. This information could be exploited by malicious actors to gain unauthorized access or perform other malicious activities.

How does the module work?

The "JsAPI Ticket Json" module works by sending a GET request to the "/jsapi_ticket.json" path. It then applies matching conditions to determine whether the response contains specific keywords ("expire_time" and "jsapi_ticket") and whether the response status is 200 (OK).

Example HTTP request:

GET /jsapi_ticket.json

The module matches the response against the following conditions:

- The response must contain both "expire_time" and "jsapi_ticket" keywords.
- The response status must be 200 (OK).

If these conditions are met, the module will report a vulnerability related to the exposure of sensitive information in the JsAPI ticket JSON file.
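The matching conditions above, applied to captured responses from your own host, as an added example that is not Vidoc's or the module author's code. It assumes the file is a JSON object with the two keys the module looks for; the JSON parse and the ticket redaction are additions beyond the module's own conditions, and the sample responses are constructed.

```python
import json

# Keywords and status taken from the module's matching conditions.
KEYWORDS = ('"expire_time":', '"jsapi_ticket":')

def module_match(status, body):
    """Same rule as the module: status 200 and both keywords present."""
    return status == 200 and all(k in body for k in KEYWORDS)

def redact(value, keep=4):
    """Keep only a short prefix so the ticket is not copied into reports."""
    text = str(value)
    return text[:keep] + "*" * max(len(text) - keep, 0)

def triage(status, body):
    """Classify a captured response; stricter than the keyword match."""
    if not module_match(status, body):
        return {"finding": False, "reason": "module conditions not met"}
    try:
        doc = json.loads(body)
    except ValueError:
        # Keywords inside HTML or a text page: needs a manual look.
        return {"finding": False, "reason": "keywords present but body is not JSON"}
    if not isinstance(doc, dict) or not doc.get("jsapi_ticket"):
        return {"finding": False, "reason": "JSON without a ticket value"}
    return {
        "finding": True,
        "reason": "ticket file is publicly readable",
        "ticket": redact(doc["jsapi_ticket"]),
        "expire_time": doc.get("expire_time"),
    }

# Constructed sample responses (not real data).
SAMPLES = {
    "exposed": (200, '{"expire_time": 1700007200, "jsapi_ticket": "EXAMPLE-TICKET-0000"}'),
    "blocked": (403, '{"expire_time": 1700007200, "jsapi_ticket": "EXAMPLE-TICKET-0000"}'),
    "html_page": (200, '<pre>"expire_time": 1, "jsapi_ticket": "x"</pre>'),
    "empty_ticket": (200, '{"expire_time": 0, "jsapi_ticket": ""}'),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, triage(status, body))
```

The "html_page" sample satisfies the module's keyword and status conditions but is not a ticket file, which is why a match is worth confirming before it is filed as a finding.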

Reference: https://www.exploit-db.com/ghdb/6070

Metadata:

- Verified: true
- Google query: intitle:"index of" "jsapi_ticket.json"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /jsapi_ticket.json
Matching conditions
word: "expire_time":, "jsapi_ticket": (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability