System Properties Exposure

What is the "System Properties Exposure?"

The "System Properties Exposure" module is designed to detect misconfigurations in system properties and environment variables. It targets software systems and checks for the presence of specific keywords in the HTTP response body. This module has a low severity level and was authored by DhiyaneshDk.

Impact

If a misconfiguration is detected, it could potentially expose sensitive system properties and environment variables. This could lead to unauthorized access, data leakage, or other security vulnerabilities.

How does the module work?

The "System Properties Exposure" module works by sending HTTP requests to the target system and analyzing the response. It checks for the presence of specific keywords, such as "System Properties:" and "Environment Variables:", in the response body. Additionally, it verifies that the HTTP response status is 200 (OK). If both conditions are met, the module reports a potential misconfiguration.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module uses the following matching conditions:

- The response body must contain the keywords "System Properties:" and "Environment Variables:". - The HTTP response status must be 200 (OK).

By analyzing the HTTP response and matching these conditions, the module can identify potential misconfigurations related to system properties and environment variables.