Sass Lint File Exposure

By kannthu

Informative
Vidoc Module
#exposure #sass #devops #cicd #files
Description

What is "Sass Lint File Exposure"?

The "Sass Lint File Exposure" module is designed to detect misconfigurations in the Sass Lint software. Sass Lint is a popular tool used in web development to analyze and enforce coding standards for Sass files. This module focuses on identifying potential file exposure vulnerabilities in the Sass Lint configuration file.

This module has an informative severity level, meaning it provides valuable information but does not pose an immediate security risk.

Author: DhiyaneshDK

Impact

If the Sass Lint configuration file is exposed, it may reveal sensitive information about the project's coding standards, formatting options, and file paths. This information could potentially be used by attackers to gain insights into the project's structure and exploit any weaknesses.

How does the module work?

The "Sass Lint File Exposure" module works by sending an HTTP GET request to the "/.sass-lint.yml" path. It then applies matching conditions to determine if the configuration file is exposed.

The matching conditions for this module are:

- The response body must contain the words "options:", "formatter:", and "files:"
- The HTTP response status code must be 200 (OK)

If both conditions are met, the module reports a potential vulnerability.

Example HTTP request:

GET /.sass-lint.yml

Reference: https://github.com/sasstools/sass-lint/blob/develop/docs/sass-lint.yml

Metadata:

- Verified: true
- Shodan query: html:"sass-lint.yml"
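
The two matching conditions above, applied to a response captured from your own deployment, as an added example (not Vidoc's module code). The function names and sample responses are constructed for illustration; `disclosed_paths` goes beyond the module and lists the globs under `files:`, which is the path information the Impact section refers to.

```python
import re

# The three words the module's word matcher requires (all must be present).
REQUIRED_WORDS = ("options:", "formatter:", "files:")

def is_exposed(status, body):
    """Module logic: status must be 200 AND the body must contain every word."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)

def disclosed_paths(body):
    """List include/ignore globs under the top-level `files:` key.

    Line-based on purpose (no YAML library needed); assumes the usual
    .sass-lint.yml layout with two-space indentation under top-level keys.
    """
    paths, in_files = [], False
    for line in body.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blanks and comments
        if not line[0].isspace():         # a new top-level key begins
            in_files = line.startswith("files:")
            continue
        if in_files:
            m = re.match(r"\s+(?:(?:include|ignore):|-)\s*(\S.*)$", line)
            if m:
                paths.append(m.group(1).strip().strip("'\""))
    return paths

# Constructed sample responses (not taken from any real host).
SAMPLE_CONFIG = """\
options:
  formatter: stylish
  merge-default-rules: false
files:
  include: 'src/styles/**/*.scss'
  ignore:
    - 'src/styles/vendor/**'
rules:
  indentation:
    - 2
"""
SOFT_404 = "<html><body>Page not found</body></html>"

if __name__ == "__main__":
    for status, body in [(200, SAMPLE_CONFIG), (403, SAMPLE_CONFIG), (200, SOFT_404)]:
        print(status, is_exposed(status, body), disclosed_paths(body))
```

A 200 response from a catch-all error page fails the word matcher, and a blocked request (403) fails the status matcher even if the body were returned, which is why the module requires both.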

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.sass-lint.yml
Matching conditions
word: "options:", "formatter:", "files:" (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability