nuclei-templates/http/misconfiguration/laravel-debug-infoleak.yaml

52 lines
1.2 KiB
YAML
Raw Normal View History

2023-03-14 13:42:06 +00:00
id: laravel-debug-infoleak
2023-03-14 12:04:34 +00:00
info:
2023-03-17 11:21:52 +00:00
name: Laravel Debug Info Leak
2023-03-14 12:04:34 +00:00
author: pwnhxl
2023-03-17 11:21:52 +00:00
severity: medium
description: |
2023-03-17 12:07:29 +00:00
This template can be used to detect a Laravel debug information leak by making a POST-based request.
2023-03-14 12:04:34 +00:00
reference:
2023-03-17 11:26:14 +00:00
- https://github.com/dem0ns/improper/blob/master/laravel/5_debug/1.png
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cwe-id: CWE-215
2023-03-14 12:04:34 +00:00
metadata:
max-request: 1
2023-03-14 12:04:34 +00:00
verified: "true"
2023-03-17 11:21:52 +00:00
shodan-query: Laravel-Framework
2023-03-14 13:42:06 +00:00
fofa-query: app="Laravel-Framework"
2023-03-17 11:21:52 +00:00
tags: misconfig,laravel,debug,infoleak
2023-03-14 12:04:34 +00:00
http:
2023-03-14 12:04:34 +00:00
- raw:
- |
2023-03-14 13:42:06 +00:00
POST / HTTP/1.1
2023-03-14 12:04:34 +00:00
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
2023-03-14 13:42:06 +00:00
part: body
2023-03-14 12:04:34 +00:00
words:
2023-03-17 11:21:52 +00:00
- 'vendor/laravel/framework/src/Illuminate/'
2023-03-14 13:42:06 +00:00
- 'MethodNotAllowedHttpException'
condition: and
2023-03-14 12:04:34 +00:00
- type: word
2023-03-14 13:42:06 +00:00
part: body
2023-03-14 12:04:34 +00:00
words:
2023-03-14 13:42:06 +00:00
- 'DB_PASSWORD'
- 'REDIS_PASSWORD'
- 'MAIL_PASSWORD'
- 'ALIYUN_ACCESSKEYSECRET'
- 'ALIYUN_ACCESSKEYID'
- 'SMS_AUTH_TOKEN'
- 'APP_KEY'
condition: or
2023-03-14 12:04:34 +00:00
- type: status
status:
2023-03-14 13:42:06 +00:00
- 405