By kannthu
The "Sass Lint File Exposure" module is designed to detect misconfigurations in the Sass Lint software. Sass Lint is a popular tool used in web development to analyze and enforce coding standards for Sass files. This module focuses on identifying potential file exposure vulnerabilities in the Sass Lint configuration file.
This module has an informative severity level, meaning it provides valuable information but does not pose an immediate security risk.
Author: DhiyaneshDK
If the Sass Lint configuration file is exposed, it may reveal sensitive information about the project's coding standards, formatting options, and file paths. This information could potentially be used by attackers to gain insights into the project's structure and exploit any weaknesses.
The "Sass Lint File Exposure" module works by sending an HTTP GET request to the "/.sass-lint.yml" path. It then applies matching conditions to determine if the configuration file is exposed.
The matching conditions for this module are:
- The response body must contain the words "options:", "formatter:", and "files:"
- The HTTP response status code must be 200 (OK)

If both conditions are met, the module reports a potential vulnerability.
Example HTTP request:
GET /.sass-lint.yml
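The two matching conditions above, written out as an added Python example for checking a site you operate (this is not the module's own code). The function names, the sample responses, and the use of case-sensitive substring matching are assumptions made for illustration.

```python
"""Added example: the module's two matching conditions applied to HTTP responses."""
import urllib.error
import urllib.request

REQUIRED_WORDS = ("options:", "formatter:", "files:")  # words listed on this page
PROBE_PATH = "/.sass-lint.yml"                          # path listed on this page


def is_exposed(status: int, body: str) -> bool:
    """True only when the status is 200 AND every required word is in the body.
    Case-sensitive substring matching is an assumption of this example."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def check_own_site(base_url: str, timeout: float = 5.0) -> bool:
    """Fetch PROBE_PATH from a site you operate and apply the same conditions."""
    url = base_url.rstrip("/") + PROBE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return is_exposed(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx: the file is not served
        return is_exposed(err.code, "")
    except urllib.error.URLError:          # host unreachable: nothing to report
        return False


# Constructed sample responses (not captured from any real host).
SAMPLE_CONFIG = """options:
  formatter: stylish
files:
  include: 'src/**/*.s+(a|c)ss'
rules:
  no-ids: 1
"""
SAMPLES = {
    "config served": (200, SAMPLE_CONFIG),
    "blocked by server": (403, SAMPLE_CONFIG),
    "soft-404 HTML page": (200, "<html><body>Page not found</body></html>"),
    "partial match": (200, "options:\n  formatter: stylish\n"),
}


def evaluate_samples() -> dict:
    """Apply the matcher to each constructed sample response."""
    return {name: is_exposed(status, body) for name, (status, body) in SAMPLES.items()}
```

Requiring all three words is what keeps a catch-all 200 error page from being reported, and a 403 or 404 on the path means the file is not being served.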
Reference: https://github.com/sasstools/sass-lint/blob/develop/docs/sass-lint.yml
Metadata:
- Verified: true
- Shodan query: html:"sass-lint.yml"