2023-05-23 10:00:08 +00:00
|
|
|
id: blazor-boot
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Blazor Boot File Disclosure
|
|
|
|
|
author: freakyclown
|
|
|
|
|
severity: info
|
2023-05-23 10:02:28 +00:00
|
|
|
reference:
|
|
|
|
|
- https://github.com/freakyclown/Nuclei_templates/blob/main/blazor_server.yaml
|
2023-05-23 10:00:08 +00:00
|
|
|
metadata:
|
2023-06-04 08:13:42 +00:00
|
|
|
verified: true
|
2023-10-14 11:27:55 +00:00
|
|
|
max-request: 1
|
2023-05-23 10:00:08 +00:00
|
|
|
github-query: 'blazor.boot.json language:JSON'
|
2023-05-23 10:06:55 +00:00
|
|
|
tags: blazor,boot,exposure,config,disclosure
|
2023-05-23 10:00:08 +00:00
|
|
|
|
2023-05-23 10:03:26 +00:00
|
|
|
http:
|
2023-05-23 10:00:08 +00:00
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/_framework/blazor.boot.json"
|
|
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- 'Blazor'
|
|
|
|
|
- '"config":'
|
|
|
|
|
condition: and
|
|
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
|
- type: regex
|
|
|
|
|
part: body
|
|
|
|
|
regex:
|
|
|
|
|
- \"([^"\r\n]+\.dll)\"
|
2023-10-20 11:41:13 +00:00
|
|
|
|
|
|
|
|
# digest: 4b0a00483046022100dc61a96aca50c31f4dadd2e148a6245daada0e5b4f7720964e8393a4ed6ff4a3022100fe89b94e9bb50ef7c4d0c952ab9c38e60c45b17d93552e7d181d4901bdd05a03:922c64590222798bb761d5b6d8e72950
|
