By kannthu
The "webpack config disclosure" module is designed to detect misconfigurations in web projects that use webpack for bundling. It targets the "webpack.config.js" file, which contains metadata relevant to the project. This module is authored by ambassify and has an informative severity level.
A misconfiguration that leaves the webpack configuration file exposed could reveal sensitive information or allow unauthorized access to the project's resources. This can lead to security vulnerabilities and compromise the integrity of the web application.
The "webpack config disclosure" module works by sending an HTTP GET request to the "/webpack.config.js" path. It then applies several matching conditions to determine if a misconfiguration is present:
- The module checks if the response body contains the keywords "module.exports" or "const".
- It verifies if the response header includes the content types "application/javascript" or "text/javascript".
- The module also ensures that the HTTP response status is 200 (OK).

If all of these conditions are met, the module flags the webpack configuration file as potentially misconfigured.
Example HTTP request:
GET /webpack.config.js
Note: The above example is a simplified representation of the HTTP request sent by the module.
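The three matching conditions described above can be reproduced as a check to run against a site you operate. The following is an added example, not the module's own code; the function names, the case-insensitive substring comparison on Content-Type, and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

BODY_WORDS = ("module.exports", "const")
CONTENT_TYPES = ("application/javascript", "text/javascript")


def is_flagged(status, headers, body):
    """Apply the three conditions from the page; all of them must hold."""
    # Header names are case-insensitive and the value may carry parameters
    # such as "; charset=utf-8", so compare on a lowercased substring.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "").lower()
    return (
        status == 200
        and any(ct in ctype for ct in CONTENT_TYPES)
        and any(word in body for word in BODY_WORDS)
    )


def check_own_site(base_url, timeout=10):
    """Fetch /webpack.config.js from a site you operate and evaluate it."""
    url = base_url.rstrip("/") + "/webpack.config.js"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return is_flagged(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError:
        return False  # 4xx/5xx response: the status condition fails


# Constructed sample responses (status, headers, body); not from a real host.
SAMPLES = {
    "config served as JS": (200, {"Content-Type": "application/javascript; charset=utf-8"},
                            "const path = require('path');\nmodule.exports = { entry: './src' };"),
    "SPA fallback page": (200, {"content-type": "text/html"}, "<script>const a = 1</script>"),
    "blocked by server": (403, {"Content-Type": "text/javascript"}, "const denied = true;"),
    "served as plain text": (200, {"Content-Type": "text/plain"}, "module.exports = {};"),
}


def evaluate_samples():
    return {name: is_flagged(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, flagged in evaluate_samples().items():
        print(f"{name}: {'FLAGGED' if flagged else 'not flagged'}")
```

The last sample shows a gap in these conditions: a configuration file served as text/plain is not flagged even though its contents are still readable, so a clean result is not proof that the file is unreachable.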