Symfony FOSJsRoutingBundle

By kannthu

Severity: Medium
Vidoc Module
Tags: #misconfig #symfony
Description

Symfony FOSJsRoutingBundle

What is the Symfony FOSJsRoutingBundle?

This Vidoc module detects a misconfiguration of the Symfony framework. It targets FOSJsRoutingBundle, a Symfony bundle that exposes the application's routes to client-side JavaScript.

This module has a medium severity level, indicating that it can potentially lead to security vulnerabilities if not properly configured.

Author: DhiyaneshDk

Impact

If misconfigured, the Symfony FOSJsRoutingBundle can expose sensitive information and potentially allow unauthorized access to routes and resources within the Symfony application.

How does the module work?

The module works by sending an HTTP GET request to the "/js/routing?callback=fos.Router.setDatafoobarfoo" endpoint. It then applies several matching conditions to determine if a misconfiguration is present.

The matching conditions include:

- The response body must contain the following words: /**/fos.Router.setDatafoobarfoo({ and routes
- The response header must include the word application/javascript
- The HTTP status code must be 200

If all the matching conditions are met, the module will report a misconfiguration in the Symfony FOSJsRoutingBundle.
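The check above, and what a matching response actually reveals, as an added example that is not Vidoc's module code: it applies the three matching conditions to a response and then unwraps the JSONP callback to list the exposed routes. The sample response is constructed; the token layout follows the bundle's route table format (text and variable tokens, stored last-first), which is an assumption here.

```python
import json
import re

# Callback name the module sends in the query string; the bundle echoes it
# back around the JSON route table, which is what the body matcher keys on.
CALLBACK = "fos.Router.setDatafoobarfoo"

# Constructed sample of a response from a misconfigured endpoint (not a real capture).
SAMPLE_STATUS = 200
SAMPLE_HEADERS = {"content-type": "application/javascript"}
SAMPLE_BODY = (
    '/**/fos.Router.setDatafoobarfoo({"base_url":"","routes":{'
    '"app_login":{"tokens":[["text","\\/login"]],"defaults":[],"requirements":[],'
    '"hosttokens":[],"methods":["GET","POST"],"schemes":[]},'
    '"user_show":{"tokens":[["variable","\\/","[^\\/]+","id"],["text","\\/users"]],'
    '"defaults":[],"requirements":{"id":"[^\\/]+"},"hosttokens":[],"methods":["GET"],"schemes":[]}'
    '},"prefix":"","host":"localhost","port":"","scheme":"http","locale":""});'
)


def matches(status, headers, body, callback=CALLBACK):
    """Apply the module's three conditions; all of them must hold (AND)."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    body_ok = f"/**/{callback}({{" in body and "routes" in body
    return status == 200 and "application/javascript" in ctype and body_ok


def render_path(tokens):
    """Rebuild a route path; compiled tokens are assumed to be stored last-first."""
    parts = []
    for tok in reversed(tokens):
        if tok[0] == "text":
            parts.append(tok[1])
        elif tok[0] == "variable":  # ["variable", prefix, regex, name]
            parts.append(tok[1] + "{" + tok[3] + "}")
    return "".join(parts)


def exposed_routes(body, callback=CALLBACK):
    """Strip the JSONP wrapper and return route name -> (path, methods)."""
    m = re.fullmatch(r"/\*\*/" + re.escape(callback) + r"\((.*)\);?\s*", body, re.S)
    if not m:
        return {}
    data = json.loads(m.group(1))
    return {name: (render_path(r["tokens"]), r.get("methods", []))
            for name, r in data.get("routes", {}).items()}
```

Run the two functions against your own application's response to see whether the endpoint answers unauthenticated and which routes (including admin paths) it discloses.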

Reference:

- https://packagist.org/packages/friendsofsymfony/jsrouting-bundle

Metadata:

max-request: 1

verified: true

shodan-query: http.html:"symfony Profiler"

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /js/routing?callback...

Matching conditions (all must match):

- word: /**/fos.Router.setDatafoobarfoo({, route... (and)
- word: application/javascript (and)
- status: 200

Passive global matcher: no matching conditions.

On match action: Report vulnerability