nuclei-templates/http/exposures/files/google-api-private-key.yaml

35 lines
1.0 KiB
YAML

id: google-api-private-key
info:
name: Google Api Private Key
author: DhiyaneshDK
severity: medium
description: Google API private keys are exposed in files.
reference: https://www.exploit-db.com/ghdb/6037
metadata:
verified: true
max-request: 3
google-query: intitle:"index of" "google-api-private-key.json"
tags: exposure,cloud,google,devops,files
http:
- method: GET
path:
- "{{BaseURL}}/google-api-private-key.json"
- "{{BaseURL}}/app/config/pimcore/google-api-private-key.json"
- "{{BaseURL}}/pimcore/app/config/pimcore/google-api-private-key.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'private_key_id'
- 'private_key'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100afe61a5d893189f6b62e289bee4c55a4f6167b38cbbf7eaa0a00ee291a9f755c022100ca4572222b23f7dbeecc0d1c5b81145eac00ed80832e8f5d1c8f67bf7820c245:922c64590222798bb761d5b6d8e72950