nuclei-templates/exposures/tokens/google/fcm-server-key.yaml

19 lines
345 B
YAML

id: fcm-server-key
info:
name: FCM Server Key
author: absshax
severity: high
tags: exposure,token,google
reference: https://abss.me/posts/fcm-takeover
requests:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: body
regex:
- "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"