38 lines
917 B
YAML
38 lines
917 B
YAML
id: vercel-source-exposure
|
||
|
||
info:
|
||
name: Vercel Source Code Exposure
|
||
author: hlop
|
||
severity: medium
|
||
description: |
|
||
The Vercel Source Code Exposure misconfiguration allows an attacker to access sensitive source code files on the Vercel platform.
|
||
reference:
|
||
- https://vercel.com/docs/projects/overview#logs-and-source-protection
|
||
metadata:
|
||
max-request: 1
|
||
fofa-query: cname_domain="vercel.app" || icon_hash="-2070047203"
|
||
tags: vercel,exposure,misconfig
|
||
|
||
http:
|
||
- method: GET
|
||
path:
|
||
- "{{BaseURL}}/_src"
|
||
|
||
redirects: true
|
||
max-redirects: 3
|
||
|
||
matchers-condition: and
|
||
matchers:
|
||
- type: word
|
||
part: body
|
||
words:
|
||
- "Deployment Source</title>"
|
||
- "Deployment Source – Dashboard – Vercel"
|
||
condition: or
|
||
|
||
- type: word
|
||
part: body
|
||
words:
|
||
- "<title>Login – Vercel</title>"
|
||
negative: true
|