Config File Exposure
Attacker can get unauthorized access to JSON configuration files.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the APIs to be tested. In this case, the filters include the response code range (between 200 and 299) and the extraction of the URL variable.
The execute section defines the type of request to be made and the modifications to be applied to the URL. In this template, a single request is made, and the URL is modified using the URL paths specified in the wordLists section.
The validation section defines the criteria for validating the response of the executed request. In this template, the response code is expected to be 200, and the response payload should contain either the strings "api_keys", "aws", or "server". If these conditions are met, the vulnerability is considered present.
Frequently asked questions
What is the purpose of this test
How does the test identify misconfigurations
What are the potential risks associated with JSON configuration file exposure
How does the test validate the presence of sensitive information
What is the severity level assigned to this vulnerability
Are there any references or resources available for further information