nuclei-templates/http/misconfiguration/vercel-source-exposure.yaml

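# Nuclei template: reports a Vercel deployment whose /_src source view is
# served without the Vercel login page being shown.
id: vercel-source-exposure

info:
  name: Vercel Source Code Exposure
  author: hlop
  severity: medium
  description: |
    The Vercel Source Code Exposure misconfiguration allows an attacker to access sensitive source code files on the Vercel platform.
  # Added for triage: points the finding's owner at the setting the reference
  # below documents.
  remediation: |
    Enable Logs and Source Protection in the Vercel project's settings so that the /_src path is only served to authenticated members of the project's team.
  reference:
    - https://vercel.com/docs/projects/overview#logs-and-source-protection
  metadata:
    max-request: 1
    # Quoted so the embedded double quotes and "||" stay one literal string.
    fofa-query: 'cname_domain="vercel.app" || icon_hash="-2070047203"'
  tags: vercel,exposure,misconfig

http:
  # One GET to /_src under the scanned base URL.
  - method: GET
    path:
      - "{{BaseURL}}/_src"

    # Redirects are followed (up to 3 hops) and the matchers run on the
    # final response body.
    redirects: true
    max-redirects: 3

    # Both matchers below must hold for a finding to be reported.
    # NOTE(review): matching is on body text only; a status matcher would
    # tighten it, but confirm what an exposed deployment returns before
    # adding one.
    matchers-condition: and
    matchers:
      # Positive signal: the body carries either source-view title string.
      - type: word
        part: body
        words:
          - "Deployment Source</title>"
          - "Deployment Source Dashboard Vercel"
        condition: or

      # Negative signal: the body must NOT be the Vercel login page.
      # Presumably that page is what a visitor gets when source protection
      # is on; verify against a protected deployment.
      - type: word
        part: body
        words:
          - "<title>Login Vercel</title>"
        negative: true
# NOTE(review): the digest below was issued for the template text as originally
# published; re-sign after any edit, since a changed body will presumably no
# longer verify against it.
# digest: 4b0a00483046022100d755b980bf15a207f2e014f51819babff9571cba19d3637c6bd30ca99689152e022100e62fc4eceda91db3889373a7f38460633952c9d1ef102ce59ffcc5840d6330f0:922c64590222798bb761d5b6d8e72950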