nuclei-templates/exposures/tokens/digitalocean/axiom-digitalocean-key-expo...

41 lines
973 B
YAML

id: axiom-digitalocean-key-exposure
info:
name: DigitalOcean Key Exposure via Axiom
author: geeknik
severity: critical
description: Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments.
remediation: Restrict access to the do.json file or upgrade to a newer version of Axiom
reference: https://github.com/pry0cc/axiom
tags: axiom,digitalocean,key,exposure
classification:
cvss-score: 9.8
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cwe-id: CWE-425
requests:
- method: GET
path:
- "{{BaseURL}}/.axiom/accounts/do.json"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '"do_key"'
- '"region"'
- '"provider"'
condition: and
extractors:
- type: regex
part: body
regex:
- '\"do_key\"\: .*'
# Enhanced by cs on 2022/02/28