nuclei -t http/exposures/configs/config-json.yaml -u https://pmm.share-now.com/
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.15
projectdiscovery.io
[WRN] Found 11 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v2.9.15 (latest)
[INF] Current nuclei-templates version: v9.6.4 (latest)
[INF] New templates added in latest release: 121
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[config-json] [http] [medium] https://pmm.share-now.com/config/default.json
Nuclei Version:
2.9.15
Template file:
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/config-json.yaml
Command to reproduce:
Anything else:
Currently this template is looking for a couple of very specific strings, which IMHO is not ideal: as shown in the above example, when a page returns 200, it may report a false positive issue. I think it may be a better idea to check for the return file type for "application/json"; we could add "text/plain", "text/javascript", "text/json" just in case for older HTTP servers. This should discard false positive text/html responses.
Another idea would be to check if the returned body is a JSON string; not sure if the DSL allows that.
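The check proposed in this issue, sketched in Python as an added example (not part of the issue and not nuclei or template code): a response is reported only if it is a 200, its Content-Type is one of the types listed above, and its body parses as JSON. The function names and the sample responses are constructed for illustration.

```python
import json

# Content types proposed in the issue; text/html is deliberately absent.
ALLOWED_TYPES = {"application/json", "text/json", "text/plain", "text/javascript"}


def media_type(content_type):
    """Return the bare media type, dropping parameters such as charset."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def is_json_config(status, headers, body):
    """Hypothetical triage check: True only for a 200 response with an
    allowlisted Content-Type whose body parses as a non-empty JSON container."""
    if status != 200:
        return False
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    if media_type(lowered.get("content-type")) not in ALLOWED_TYPES:
        return False
    try:
        parsed = json.loads(body)
    except (ValueError, TypeError):
        return False  # not JSON at all, e.g. an HTML page with a JSON label
    # A config file is an object or array, not a bare string or number.
    return isinstance(parsed, (dict, list)) and len(parsed) > 0


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "html_catch_all": (200, {"Content-Type": "text/html; charset=utf-8"},
                       '<html><script>var cfg={"debug":true}</script></html>'),
    "real_config": (200, {"content-type": "application/json"},
                    '{"debug": true, "db": {"host": "db.internal.example"}}'),
    "plain_text_json": (200, {"Content-Type": "text/plain"}, '{"port": 8080}'),
    "mislabelled_html": (200, {"Content-Type": "application/json"},
                         "<html>Not found</html>"),
    "json_scalar": (200, {"Content-Type": "application/json"}, '"ok"'),
}


def triage(samples):
    """Map each sample name to True (report) or False (discard)."""
    return {name: is_json_config(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:18} -> {'report' if verdict else 'discard'}")
```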