2023-05-23 10:00:08 +00:00
|
|
|
id: blazor-boot
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Blazor Boot File Disclosure
|
|
|
|
|
author: freakyclown
|
|
|
|
|
severity: info
|
2023-12-22 09:44:59 +00:00
|
|
|
description: Exposed Blazor Boot (a web framework developed by Microsoft) config file.
|
2023-05-23 10:02:28 +00:00
|
|
|
reference:
|
|
|
|
|
- https://github.com/freakyclown/Nuclei_templates/blob/main/blazor_server.yaml
|
2023-05-23 10:00:08 +00:00
|
|
|
metadata:
|
2023-06-04 08:13:42 +00:00
|
|
|
verified: true
|
2023-10-14 11:27:55 +00:00
|
|
|
max-request: 1
|
2023-05-23 10:00:08 +00:00
|
|
|
github-query: 'blazor.boot.json language:JSON'
|
2023-05-23 10:06:55 +00:00
|
|
|
tags: blazor,boot,exposure,config,disclosure
|
2023-05-23 10:00:08 +00:00
|
|
|
|
2023-05-23 10:03:26 +00:00
|
|
|
http:
|
2023-05-23 10:00:08 +00:00
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/_framework/blazor.boot.json"
|
|
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- 'Blazor'
|
|
|
|
|
- '"config":'
|
|
|
|
|
condition: and
|
|
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
|
- type: regex
|
|
|
|
|
part: body
|
|
|
|
|
regex:
|
|
|
|
|
- \"([^"\r\n]+\.dll)\"
|
2023-12-29 09:57:30 +00:00
|
|
|
# digest: 4a0a00473045022039ffcef0ae5c9c5a543cb8e0910d761626d3debadead0fd0d661630121fb20aa02210087543ab10d47871b9ef1c195d617d232116fb319394dbef356011481f17c0662:922c64590222798bb761d5b6d8e72950
|
