Hi, in this post we will see how security misconfiguration works and how it can be used.
The security misconfiguration in Extreme Vulnerable Node Application (XVNA) is an exposed stack trace, which should not be shown to the user because it may lead to other attacks.
If an attacker learns what code, language, and server are in use, attacking the application becomes easier.
We can see the attack in the video below.
Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.
Prevention:
Security misconfiguration can be addressed by using a suitable configuration at the server level and proper validation at the programming level, so that unwanted errors are not thrown.
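The prevention advice above, shown as an added example that is not taken from XVNA: a handler that echoes the stack trace next to one that logs it server-side and returns only a generic message with a reference id. The Express-style `(err, req, res, next)` signature, the handler names, and the stub response object are assumptions made for illustration.

```javascript
// Added example, not XVNA code. Assumes Express-style error middleware
// with the signature (err, req, res, next).

// Misconfigured: echoes the stack trace to the client, exposing file paths,
// module names and framework internals.
function leakyErrorHandler(err, req, res, next) {
  res.status(500).send(err.stack);
}

// Hardened: full detail goes to the server log under a reference id; the
// client gets a generic message plus that id and nothing else.
function makeSafeErrorHandler(log, newId) {
  // The id is a log lookup key, not a secret, so a non-crypto source is fine.
  newId = newId || (() => Date.now().toString(36) + Math.random().toString(36).slice(2, 8));
  return function safeErrorHandler(err, req, res, next) {
    const id = newId();
    log({ id, method: req.method, url: req.url, message: err.message, stack: err.stack });
    // Pass through only 4xx codes the application set deliberately.
    const status = err.status >= 400 && err.status < 500 ? err.status : 500;
    const message = status === 500 ? 'Internal Server Error' : 'Request failed';
    res.status(status).json({ error: message, reference: id });
  };
}

// Constructed stand-in for an Express response, so the example runs offline.
function fakeRes() {
  const r = { statusCode: 200, body: null };
  r.status = (code) => { r.statusCode = code; return r; };
  r.send = (body) => { r.body = String(body); return r; };
  r.json = (obj) => { r.body = JSON.stringify(obj); return r; };
  return r;
}

// Runs both handlers on the same constructed error and returns what the
// client would receive in each case, plus what reached the server log.
function demo() {
  const err = new TypeError("Cannot read properties of undefined (reading 'name')");
  const req = { method: 'GET', url: '/profile?id=abc' };
  const logged = [];
  const leaky = fakeRes();
  leakyErrorHandler(err, req, leaky, () => {});
  const safe = fakeRes();
  makeSafeErrorHandler((entry) => logged.push(entry), () => 'ref-0001')(err, req, safe, () => {});
  return { leaky, safe, logged };
}
```

In an Express application the safe handler would be registered last with `app.use(...)`. Express's built-in error handler also leaves the stack trace out of responses when `NODE_ENV` is set to `production`, which is the server-level half of the fix.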