
React App Environment Js

By kannthu

Informative
#react#exposure#config#js#javascript
Description

What is the "React App Environment Js" module?

The "React App Environment Js" module is designed to detect misconfigurations in the React application environment. It targets React applications written in JavaScript (JS) and aims to identify potential vulnerabilities or exposure of sensitive configuration information. The severity of this module is classified as informative, meaning it provides valuable insights without indicating a critical security issue. The original author of this module is random-robbie.

Impact

This module helps identify potential misconfigurations or vulnerabilities in React applications, allowing developers to address them before they can be exploited. By detecting exposed configuration information or misconfigured settings, it helps enhance the security and reliability of React applications.

How does the module work?

The "React App Environment Js" module works by sending HTTP requests to two specific endpoints ("/env.js" and "/config.js") on the target application. It then applies a set of matching conditions to determine if any misconfigurations or vulnerabilities exist. The matching conditions are:

- Body Matcher: checks whether the response body contains the string "REACT_APP_".
- Header Matcher: verifies that the response headers include one of the following content types: "application/octet-stream", "application/javascript", or "text/plain".
- Status Matcher: ensures that the HTTP response status is 200 (OK).

If all the matching conditions are met, the module reports a potential misconfiguration or vulnerability. It can be used as part of a larger scanning process to assess the security posture of React applications.
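The three matching conditions described above, written out as a plain Python check and run over constructed sample responses. This is an added example, not Vidoc's own code; the `Response` class, the sample bodies and the `example.invalid` hostname are assumptions made for illustration.

```python
# Added example: the module's body, header and status conditions as one
# function, evaluated over constructed HTTP responses (no network access).
from dataclasses import dataclass

PATHS = ("/env.js", "/config.js")
BODY_WORD = "REACT_APP_"
CONTENT_TYPES = ("application/octet-stream", "application/javascript", "text/plain")


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed, not a real client)."""
    path: str
    status: int
    headers: dict
    body: str


def content_type_matches(headers: dict) -> bool:
    # Header names are case-insensitive and the value may carry a charset
    # suffix ("application/javascript; charset=utf-8"), so compare the media type.
    ct = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    media_type = ct.split(";", 1)[0].strip().lower()
    return media_type in CONTENT_TYPES


def matches(resp: Response) -> bool:
    """True only when all three conditions hold; the module ANDs them."""
    return (
        resp.status == 200
        and content_type_matches(resp.headers)
        and BODY_WORD in resp.body
    )


def find_exposed_env(responses) -> list:
    """Return the probed paths whose response satisfies the matcher."""
    return [r.path for r in responses if r.path in PATHS and matches(r)]


# Constructed samples: one real exposure, one SPA fallback page (status 200
# but text/html and no REACT_APP_), and one 404 that mentions the keyword.
SAMPLES = [
    Response("/env.js", 200, {"Content-Type": "application/javascript; charset=utf-8"},
             'window.env = {"REACT_APP_API_URL": "https://api.example.invalid"};'),
    Response("/config.js", 200, {"Content-Type": "text/html"},
             "<!doctype html><div id=root></div>"),
    Response("/config.js", 404, {"Content-Type": "text/plain"}, "REACT_APP_ not found"),
]

if __name__ == "__main__":
    print(find_exposed_env(SAMPLES))  # ['/env.js']
```

The second and third samples show why the conditions are combined: a single-page app that answers every path with its index page, or an error page that echoes the keyword, would otherwise produce a false report.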

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /env.js, /config.js

Matching conditions (all must match)
   word: REACT_APP_ and
   word: application/octet-stream, application/ja... and
   status: 200

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability