nuclei-templates/http/exposures/tokens/jwk-json-leak.yaml

43 lines
1.1 KiB
YAML
Raw Permalink Normal View History

2024-07-09 16:55:44 +00:00
id: jwk-json-leak
2024-07-09 16:53:10 +00:00
info:
2024-07-09 17:19:26 +00:00
name: JSON Web Key File - Exposure
2024-07-09 16:53:10 +00:00
author: Mohsen Yaghoubi
2024-07-10 06:05:09 +00:00
severity: low
2024-07-09 16:53:10 +00:00
description: |
Searches for JSON Web Key (JWK) file.
reference:
- https://portswigger.net/web-security/jwt/algorithm-confusion
2024-07-09 17:19:26 +00:00
metadata:
shodan-query: html:"jwks.json"
verified: true
max-request: 1
2024-07-09 16:53:10 +00:00
tags: exposure,token,generic
http:
- method: GET
path:
- "{{BaseURL}}/.well-known/jwks.json"
- "{{BaseURL}}/.well-known/jwks"
2024-07-10 06:49:34 +00:00
- "{{BaseURL}}/.well-known/openid-configuration/jwks.json"
2024-07-10 06:52:14 +00:00
- "{{BaseURL}}/.well-known/openid-configuration/jwks"
2024-07-09 16:53:10 +00:00
- "{{BaseURL}}/jwks.json"
- "{{BaseURL}}/jwks"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
2024-07-09 17:19:26 +00:00
part: body
2024-07-09 16:53:10 +00:00
words:
- '"kid":'
2024-07-09 17:19:26 +00:00
- type: word
part: content_type
words:
- 'application/json'
2024-07-09 16:53:10 +00:00
- type: status
status:
- 200
# digest: 4a0a0047304502205581eae6281f5e413965da3fe0031dbb6908676617f08fd0b19396c86046281702210081886f398e6973d5894cf43b439d3825e0e036150c7a2355bab22714bf4c960d:922c64590222798bb761d5b6d8e72950