node-express-dev-env: Node.js Express NODE_ENV Development Mode

Date: 2025-08-01 | Affected software: node express dev env | PoC: public

Vulnerability description

The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.

PoC code [public]

id: node-express-dev-env

info:
  name: Node.js Express NODE_ENV Development Mode
  author: FLX
  severity: medium
  description: |
    The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.
  reference:
    - https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/express-development-mode-is-enabled/
    - https://www.synopsys.com/blogs/software-security/nodejs-mean-stack-vulnerabilities.html
  metadata:
    verified: true
    max-request: 2
    shodan-query: "X-Powered-By: Express"
  tags: nodejs,express,misconfig,devops,cicd,trace,vuln
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        internal: true
        dsl:
          - "contains(tolower(all_headers), 'x-powered-by: express')"

  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Connection: close

        t

    matchers:
      - type: dsl
        dsl:
          - "status_code==400"
          - "contains(body, 'SyntaxError: Unexpected token')"
          - "contains(tolower(all_headers), 'x-powered-by: express')"
        condition: and
# digest: 4b0a004830460221008ce8d5873323151d3d18e673bc7f28a8be542ad87715afd116e4dc0778fdcfe7022100bdb5267b42f06871a87b2ac61864bf7e2ca2b882db78c7953795c23d269873ec:922c64590222798bb761d5b6d8e72950
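
The server-side counterpart to the template's second request, as an added example that is not part of the template or of Express: a startup check for NODE_ENV and an error-handling middleware that logs the parse error instead of returning it. The names `assertProductionMode`, `safeErrorHandler` and `simulateMalformedJson` are hypothetical, and the request/response objects in the simulation are constructed stand-ins so the block runs without the express package.

```javascript
// Added example, not part of the template. Function names are illustrative.

// Refuse to start outside production mode: Express's default error handler
// writes err.stack into the response unless NODE_ENV is "production".
function assertProductionMode(env = process.env) {
  if (env.NODE_ENV !== 'production') {
    throw new Error(`NODE_ENV is "${env.NODE_ENV}", expected "production"`);
  }
  return true;
}

// Express error-handling middleware (the four-argument signature marks it as
// one). Full detail goes to the server log; the client gets a fixed message.
function safeErrorHandler(logger = console) {
  return function (err, req, res, next) {
    if (res.headersSent) return next(err);
    const s = err.status;
    const status = Number.isInteger(s) && s >= 400 && s < 600 ? s : 500;
    logger.error({ status, type: err.type, message: err.message, stack: err.stack });
    // 'entity.parse.failed' is the type body-parser sets on a JSON parse failure.
    const error = err.type === 'entity.parse.failed' ? 'Malformed JSON body'
      : status >= 500 ? 'Internal Server Error' : 'Request rejected';
    res.status(status).json({ error });
  };
}

// Wiring in an application (assumes the express package is installed):
//   assertProductionMode();
//   app.disable('x-powered-by');   // removes the fingerprint header; not the fix itself
//   app.use(express.json());
//   /* routes */
//   app.use(safeErrorHandler());   // registered after all routes

// Constructed simulation of the template's second request (JSON type, body "t").
function simulateMalformedJson(logger = { error() {} }) {
  let parseError;
  try { JSON.parse('t'); } catch (e) { parseError = e; }
  Object.assign(parseError, { status: 400, type: 'entity.parse.failed' });
  const sent = { status: null, body: null };
  const res = {
    headersSent: false,
    status(code) { sent.status = code; return this; },
    json(obj) { sent.body = JSON.stringify(obj); return this; },
  };
  safeErrorHandler(logger)(parseError, {}, res, () => {});
  return sent;
}
```

With this handler in place the response to the malformed-JSON probe is still a 400, but its body no longer contains the `SyntaxError: Unexpected token` string the template matches on.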
