2024-01-30 14:14:14 +05:30
id : node-express-dev-env
2024-01-25 10:32:41 +01:00
info :
2024-01-30 14:14:14 +05:30
name : Node.js Express NODE_ENV Development Mode
2024-01-25 10:32:41 +01:00
author : FLX
severity : medium
2024-01-30 15:24:28 +05:30
description : |
The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.
2024-01-25 10:32:41 +01:00
reference :
- https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/express-development-mode-is-enabled/
- https://www.synopsys.com/blogs/software-security/nodejs-mean-stack-vulnerabilities.html
metadata :
2024-04-08 17:04:33 +05:30
verified : true
2024-06-07 10:04:29 +00:00
max-request : 2
2024-01-25 10:32:41 +01:00
shodan-query : "X-Powered-By: Express"
2024-01-30 15:23:48 +05:30
tags : nodejs,express,misconfig,devops,cicd,trace
2024-01-25 20:20:00 +01:00
flow : http(1) && http(2)
2024-01-25 10:32:41 +01:00
http :
2024-01-25 20:20:00 +01:00
- method : GET
path :
- "{{BaseURL}}"
matchers :
- type : dsl
internal : true
dsl :
- "contains(tolower(all_headers), 'x-powered-by: express')"
2024-01-25 10:32:41 +01:00
- raw :
- |
2024-01-30 14:14:14 +05:30
GET / HTTP/1.1
Host : {{Hostname}}
2024-01-25 10:32:41 +01:00
Content-Type : application/json
Connection : close
t
2024-01-30 14:14:14 +05:30
2024-01-25 10:32:41 +01:00
matchers :
- type : dsl
dsl :
2024-01-30 14:14:14 +05:30
- "status_code==400"
- "contains(body, 'SyntaxError: Unexpected token')"
- "contains(tolower(all_headers), 'x-powered-by: express')"
condition : and
2024-12-01 13:57:55 +00:00
# digest: 490a0046304402204f3ddf40560941e174d400df07d0bb481cb5ec0e947be65505eed133822dcc760220564b9d7269072b52f89087a303e12a2ba8ba70cbdc33dd5592d0e0cc8d84082b:922c64590222798bb761d5b6d8e72950
