By kannthu
The "NGINX Shards Disclosure" module detects a specific misconfiguration in NGINX servers that can expose sensitive information. NGINX is a popular web server used to serve static content, act as a reverse proxy, and load-balance web applications. This module checks for the presence of a file named "shards.html" or "shards/html" under the server's /static/ path.
This module has a medium severity level, indicating that if the misconfiguration is present, it could potentially expose sensitive information to unauthorized users.
This module was authored by DhiyaneshDK.
If the "NGINX Shards Disclosure" module finds either the "shards.html" or the "shards/html" file, the NGINX server may have misconfigured access controls. Such a misconfiguration could allow unauthorized individuals to access sensitive information, such as logs and database files, that should be available only to authorized users.
The "NGINX Shards Disclosure" module works by sending HTTP requests to the target NGINX server and analyzing the responses based on specific matching conditions. The module sends GET requests to the paths "/static/shards.html" and "/static/shards/html" to check if these files exist.
The module uses two matching conditions to determine whether the misconfiguration is present:
- Matcher 1: the response body contains the specific words "Logs," "Database," and "online shards only." Their presence indicates that the server may be exposing sensitive information.
- Matcher 2: the response status code is 200, indicating a successful request. Any other status code is not considered a match.
If both matching conditions are met, the module reports a vulnerability, indicating that the NGINX server may have a misconfiguration that exposes sensitive information.
For example, the module may send the following HTTP request:
GET /static/shards.html HTTP/1.1
Host: example.com
If the response contains the words "Logs," "Database," and "online shards only," and the status code is 200, the module will consider it a match and report the vulnerability.
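The request-and-match logic described above, written out as a small added example in Python. This is not Vidoc's or the module author's code; it assumes the two paths and three words listed on this page, treats the word check as requiring all three words together (an assumption made here, since the page does not state how the words are combined), and uses constructed sample responses rather than a real server so the matcher can be exercised offline.

```python
import urllib.request
import urllib.error

# Paths the module requests, relative to the target base URL (from the page).
SHARD_PATHS = ["/static/shards.html", "/static/shards/html"]

# Words the module looks for in the response body (from the page). Requiring
# all three to appear together is an assumption made by this example.
REQUIRED_WORDS = ("Logs", "Database", "online shards only")


def is_match(status_code: int, body: str) -> bool:
    """Apply both matcher conditions: HTTP 200 and every required word present."""
    if status_code != 200:
        return False
    return all(word in body for word in REQUIRED_WORDS)


def fetch_http(url: str, timeout: float = 10.0):
    """Fetch a URL with the standard library and return (status, body).

    A non-2xx response raises HTTPError in urllib, so it is caught here and
    returned like any other response so the matcher can see its status code.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "shards-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def scan(base_url: str, fetch=fetch_http) -> list:
    """Request each shard path on base_url and return those satisfying both matchers."""
    hits = []
    for path in SHARD_PATHS:
        status, body = fetch(base_url.rstrip("/") + path)
        if is_match(status, body):
            hits.append(path)
    return hits


# Constructed sample responses (not captured from any real server) so the
# scan can run offline. The second path returns a 404 and must not match.
SAMPLE_RESPONSES = {
    "http://example.com/static/shards.html": (
        200,
        "<h1>Logs</h1><p>Database</p><p>online shards only</p>",
    ),
    "http://example.com/static/shards/html": (404, "<h1>Not Found</h1>"),
}


def fake_fetch(url: str):
    """Stand-in for fetch_http that serves the constructed responses above."""
    return SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    # Against a live target, drop the fetch= argument to use fetch_http.
    print(scan("http://example.com", fetch=fake_fetch))
```

Keeping the status and word checks in `is_match` separate from the transport makes the important caveat visible: a "soft 404" page that returns 200 but lacks the three words is not reported, and a page containing the words behind a 403 or 404 is not reported either, because the module requires both conditions at once.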
It's important to note that this module is just one test case within the Vidoc platform, which uses multiple modules to perform scanning and identify various misconfigurations, vulnerabilities, and software fingerprints.