Salesforce Lightning - API Detection

By kannthu

Informative
Vidoc Module
#aura #unauth #salesforce #exposure
Description

This module serves the specific purpose of detecting misconfigurations in the Aura platform. Aura, the UI framework behind Salesforce Lightning used to build dynamic web apps for mobile and desktop devices, can expose its API to unauthenticated requests if not properly configured. Detecting such exposure is vital to securing the integrity of the applications built on this framework.

Impact:

Misconfiguration on any platform, including Aura, can lead to potential security threats and data leaks. The impact ranges from the exposure of confidential information to unauthorized users gaining access to your system and modifying your data or even executing arbitrary code.

How the Module Works:

This Vidoc module operates by sending HTTP POST requests to several Aura-related paths (such as /aura, /s/sfsites/aura and /sfsites/aura). For instance, a simple request might look like this:

POST /aura

The module then inspects the response body for the keyword "aura:invalidSession". If this keyword is present, the Aura endpoint answered the unauthenticated request, which indicates a misconfiguration in Aura and confirms the finding.

The module's assessment uses an 'and' matching condition: the keyword condition must be fulfilled for each POST request it evaluates. If the condition is not met, the module determines that the Aura platform is not misconfigured and the security check passes.
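The request list and 'and' matcher described above, modelled offline as an added example (not Vidoc's own code). The paths and keyword are taken from the module preview; the response bodies are constructed and no requests are sent, so the check can be reasoned about before running the module against your own Salesforce site.

```python
"""Offline model of the module's matching logic (added example, not Vidoc's code).

Constructed response bodies stand in for what a scanner would receive; no
requests are sent. Path list and keyword are taken from the module preview.
"""
from dataclasses import dataclass

AURA_PATHS = ["/aura", "/s/sfsites/aura", "/sfsites/aura"]  # "+2 paths" omitted
KEYWORD = "aura:invalidSession"


@dataclass
class Response:
    path: str
    status: int
    body: str


def word_matcher(body: str, words: list[str], condition: str = "and") -> bool:
    """Vidoc-style 'word' matcher: a substring test on the response body.
    'and' requires every word to be present, 'or' at least one."""
    hits = [w in body for w in words]
    return all(hits) if condition == "and" else any(hits)


def evaluate(responses: list[Response]) -> list[str]:
    """Return the paths whose response satisfies the matcher, i.e. the paths
    the module would report as an Aura endpoint reachable without a session."""
    return [r.path for r in responses
            if r.path in AURA_PATHS and word_matcher(r.body, [KEYWORD])]


# Constructed sample responses (hypothetical, for the offline demo):
# 1) an Aura endpoint answering an unauthenticated POST, 2) a 404 page,
# 3) a generic error page that mentions "aura" without the session marker.
SAMPLE = [
    Response("/aura", 200,
             '{"event":{"descriptor":"markup://aura:invalidSession",'
             '"attributes":{"values":{}}},"exceptionEvent":true}'),
    Response("/s/sfsites/aura", 404, "<html>Not Found</html>"),
    Response("/sfsites/aura", 500, "Internal Server Error (aura)"),
]

if __name__ == "__main__":
    for p in evaluate(SAMPLE):
        print(f"[report] Aura API reachable without a session: POST {p}")
```

Only the first sample triggers the report; the third shows why the matcher looks for the full "aura:invalidSession" marker rather than the bare word "aura".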

Please note that this module is designed for technical assessment rather than malicious exploitation. It is an essential tool for administrators and developers to identify potential vulnerabilities and rectify them in a timely manner.

Make sure to utilise this module responsibly, being mindful of the legalities and ethics involving system scanning and security testing.

Module preview

Concurrent Requests (1)

1. HTTP Request template
   POST /aura
   POST /s/sfsites/aura
   POST /sfsites/aura
   (+2 paths)

Matching conditions
   word: aura:invalidSession

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability