webpack security issues

Most Vue applications are bundled with webpack; if it is not configured properly, the Vue source code will be disclosed.

webpack is a static module bundler for JavaScript applications. It recursively builds a dependency graph that includes every module the application needs, then packages all of these modules into one or more bundles.

The source can be viewed directly in the browser's F12 developer tools. We are not interested in the leaked Vue source itself, but in the information it exposes: APIs, encryption algorithms, administrator mailboxes, internal functions, and so on.

The following figure shows all of the API endpoints leaked.

Many Vue applications render the page first and only then check whether the user is logged in. Because of this small flaw, we can first look at the relevant functions, or use Burp Suite to modify the response packet that carries the user's authentication result, then crawl the APIs and analyze their parameters. Occasionally this turns up interfaces with no permission checks, or vulnerabilities such as injection and XSS.
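A build-side check for the misconfiguration described above, as an added example that is not part of the original post. It assumes the disclosure comes from source maps shipped with the bundle, and it goes slightly beyond the post by also flagging inline maps and `.map` files that no bundle references; `auditDist`, `readMap` and the file names in `sampleDist` are hypothetical, and the sample contents are constructed.

```javascript
// Added example: audit a build output for deployed or inline source maps.
// sampleDist is a constructed stand-in for a dist/ directory (name -> content).
const MAP_REF = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;
const asJson = (sources, content) =>
  JSON.stringify({ version: 3, sources, sourcesContent: content, mappings: '' });
const inlineB64 = Buffer.from(
  asJson(['webpack:///./src/utils/crypto.js'], ['export const mode = "placeholder"'])
).toString('base64');
const sampleDist = {
  'app.3f2a.js': 'console.log(1);\n//# sourceMappingURL=app.3f2a.js.map',
  'app.3f2a.js.map': asJson(['webpack:///./src/api/user.js'], ['export const login = 1']),
  'vendor.91bc.js': 'console.log(2);', // no comment, but the map was still deployed
  'vendor.91bc.js.map': asJson(['webpack:///./node_modules/vue/dist/vue.js']),
  'chunk.7d10.js': `console.log(3);\n//# sourceMappingURL=data:application/json;base64,${inlineB64}`,
};

// Summarise one map: which original files it names and whether it embeds their text.
function readMap(text) {
  try {
    const map = JSON.parse(text);
    const content = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
    const embedsSource = content.some((s) => typeof s === 'string' && s.length > 0);
    return { sources: Array.isArray(map.sources) ? map.sources : [], embedsSource };
  } catch {
    return { sources: [], embedsSource: false, unparsable: true };
  }
}
function auditDist(files) {
  const findings = [];
  const scripts = Object.entries(files).filter(([n]) => n.endsWith('.js'));
  for (const [name, text] of Object.entries(files)) {
    if (!name.endsWith('.map')) continue;
    // A deployed .map can be fetched even when no bundle references it.
    const base = name.split('/').pop();
    const referenced = scripts.some(([, t]) => t.includes(`sourceMappingURL=${base}`));
    const kind = referenced ? 'referenced-map' : 'unreferenced-map';
    findings.push({ file: name, kind, ...readMap(text) });
  }
  for (const [name, text] of scripts) {
    for (const [, ref] of text.matchAll(MAP_REF)) {
      if (!ref.startsWith('data:')) continue; // external maps are reported above
      const json = Buffer.from(ref.split(';base64,')[1] || '', 'base64').toString('utf8');
      findings.push({ file: name, kind: 'inline-map', ...readMap(json) });
    }
  }
  return findings;
}
console.log(JSON.stringify(auditDist(sampleDist), null, 2));
```

In Vue CLI projects, setting `productionSourceMap: false` in `vue.config.js` stops these map files from being emitted for production builds.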

Reference article: https://www.codercto.com/a/57536.html

Origin www.cnblogs.com/zpchcbd/p/12577610.html