Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

NGINX Shards Disclosure

By kannthu

Medium
Vidoc logoVidoc Module
#exposure#shards#nginx
Description

What is the "NGINX Shards Disclosure" module?

The "NGINX Shards Disclosure" module is designed to detect a specific misconfiguration in NGINX servers that can lead to the exposure of sensitive information. NGINX is a popular web server software used to serve static content, reverse proxy, and load balance web applications. This module focuses on identifying the presence of a specific file called "shards.html" or "shards/html" in the server's static directory.

This module has a medium severity level, indicating that if the misconfiguration is present, it could potentially expose sensitive information to unauthorized users.

This module was authored by DhiyaneshDK.

Impact

If the "NGINX Shards Disclosure" module detects the presence of the "shards.html" or "shards/html" file, it indicates that the NGINX server may have misconfigured access controls. This misconfiguration could allow unauthorized individuals to access sensitive information, such as logs and database files, that should only be accessible to authorized users.

How does the module work?

The "NGINX Shards Disclosure" module works by sending HTTP requests to the target NGINX server and analyzing the responses based on specific matching conditions. The module sends GET requests to the paths "/static/shards.html" and "/static/shards/html" to check if these files exist.

The module uses two matching conditions to determine if the misconfiguration is present:

- Matcher 1: It checks if the response contains specific words such as "Logs," "Database," and "online shards only." This indicates that the server may be exposing sensitive information. - Matcher 2: It checks if the response status code is 200, indicating a successful request. If the response status code is different, the module will not consider it a match.

If both matching conditions are met, the module will report a vulnerability, indicating that the NGINX server may have a misconfiguration that exposes sensitive information.

For example, the module may send the following HTTP request:

GET /static/shards.html HTTP/1.1
Host: example.com

If the response contains the words "Logs," "Database," and "online shards only," and the status code is 200, the module will consider it a match and report the vulnerability.

It's important to note that this module is just one test case within the Vidoc platform, which uses multiple modules to perform scanning and identify various misconfigurations, vulnerabilities, and software fingerprints.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/static/shards.html/static/shards/html
Matching conditions
word: Logs, Database, online shards onlyand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability