2023-05-23 10:00:08 +00:00
|
|
|
id: blazor-boot
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Blazor Boot File Disclosure
|
|
|
|
author: freakyclown
|
|
|
|
severity: info
|
2023-05-23 10:02:28 +00:00
|
|
|
reference:
|
|
|
|
- https://github.com/freakyclown/Nuclei_templates/blob/main/blazor_server.yaml
|
2023-05-23 10:00:08 +00:00
|
|
|
metadata:
|
|
|
|
max-request: 1
|
2023-06-04 08:13:42 +00:00
|
|
|
verified: true
|
2023-05-23 10:00:08 +00:00
|
|
|
github-query: 'blazor.boot.json language:JSON'
|
2023-05-23 10:06:55 +00:00
|
|
|
tags: blazor,boot,exposure,config,disclosure
|
2023-05-23 10:00:08 +00:00
|
|
|
|
2023-05-23 10:03:26 +00:00
|
|
|
http:
|
2023-05-23 10:00:08 +00:00
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/_framework/blazor.boot.json"
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- 'Blazor'
|
|
|
|
- '"config":'
|
|
|
|
condition: and
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
- type: regex
|
|
|
|
part: body
|
|
|
|
regex:
|
|
|
|
- \"([^"\r\n]+\.dll)\"
|