Skip to content
Nuclei Templates

ASP.NET Core Development Environment - Exposure

ID: aspnetcore-dev-env

Severity: info

Author: Mys7ic

Tags: misconfig,aspnetcore,exposure

Description

Section titled “Description”

The ASP.NET Core application is running in Development mode, which could exposes detailed error messages and stack traces on the ‘/Error’ page.

YAML Source

Section titled “YAML Source”
id: aspnetcore-dev-env


info:
  name: ASP.NET Core Development Environment - Exposure
  author: Mys7ic
  severity: info
  description: |
    The ASP.NET Core application is running in Development mode, which could exposes detailed error messages and stack traces on the '/Error' page.
  impact: |
    Exposing detailed error messages and stack traces can reveal sensitive information such as server configurations, file paths, source code snippets, and other debug information. Attackers can use this information to identify vulnerabilities and compromise the application or underlying systems.
  remediation: |
    Set the 'ASPNETCORE_ENVIRONMENT' environment variable to 'Production' and ensure that detailed error messages are not exposed to end-users.
  reference:
    - https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments
  metadata:
    max-request: 1
    vendor: microsoft
    product: asp.net-core
    shodan-query: html:"ASPNETCORE_ENVIRONMENT"
    verified: true
  tags: misconfig,aspnetcore,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/Error"


    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "<strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>"


      - type: word
        part: body
        words:
          - "ASPNETCORE_ENVIRONMENT"
          - "<environment include=\"Development\">"
        condition: and
# digest: 490a0046304402203ec60b9219f1a840bc7c09646bff134e34569e91ca43b71e4a53701a1145483b02207bf851361b99c9c16e4ef9d52622c4ef5b6724fedb005f231b0f89593059f935:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/misconfiguration/microsoft/aspnetcore-dev-env.yaml"

View on Github