Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Proxy WPAD Configuration Exposure" module is designed to detect misconfigurations in the WPAD (Web Proxy Auto-Discovery) configuration. WPAD is a protocol used by web browsers to automatically discover proxy settings. This module targets the exposure of the WPAD configuration file, which can potentially lead to security vulnerabilities.
This module has a low severity level, indicating that the impact of the vulnerability is relatively limited.
Author: DhiyaneshDk
If the WPAD configuration file is exposed, it can potentially allow an attacker to intercept and manipulate network traffic. This can lead to various security risks, such as eavesdropping on sensitive information, injecting malicious content, or redirecting users to malicious websites.
The "Proxy WPAD Configuration Exposure" module works by sending an HTTP GET request to the "/wpad.dat" path. It then applies matching conditions to determine if the WPAD configuration file is exposed.
The matching conditions for this module are:
- The response body must contain the words "FindProxyForURL", "url", and "host". - The HTTP status code must be 200 (OK).If both matching conditions are met, the module reports a vulnerability indicating that the WPAD configuration file is exposed.
Example HTTP request:
GET /wpad.dat HTTP/1.1
Host: example.com
Note: The above example is a simplified representation of the HTTP request and does not include all possible headers or request parameters.
For more information, refer to the module's metadata:
verified: true
shodan-query: html:"wpad.dat"