Http Stack Trace Obtainable
Description
Detects when a web application exposes detailed technical stack traces in error responses. Stack traces can reveal sensitive implementation details, file paths, and system information that attackers could leverage to exploit the application.
Detection Strategy
• Makes a POST request to the target URL with an intentionally malformed JWT token in the Authorization header
• Checks if the server responds with a 500-level error status code
• Examines the response content for stack trace information by looking for HTML unordered list elements with id='stacktrace'
• Reports a vulnerability if technical error details are exposed in the response
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.