漏洞描述
该漏洞检测暴露的 JSON 配置文件,这些文件可能包含敏感信息,包括 API 密钥、访问令牌、AWS 凭据、数据库配置、基础 URL、文件路径和应用程序设置。这些文件通常包含生产配置和凭据,不应公开访问。
Exposed JSON Configuration Files 信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-5591: FortiOS - Insecure LDAP Configuration Detection
- POC bash-config-exposure: Bash Configuration - Exposure
- POC codekit-config-exposure: CodeKit Configuration Exposure
- POC exposed-gitmodules: .gitmodules File Exposed
- POC flow-config-exposure: Flow Configuration - Exposure
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC python-setup-config: Python Setup Configuration - Exposure
- POC rexify-config-exposure: Rexify Configuration - Exposure
- POC jolokia-config-exposure: Jolokia Configuration - Exposure
- POC wp-w3-total-cache-exposure: WordPress W3 Total Cache - Cache Files Exposure
- POC wordfence-config-disclosure: WordPress Wordfence - Configuration File Disclosure
- 上海普华科技PowerPMS /UploadFle/GetFilesData SQL 注入漏洞
- POC CVE-2025-27915: Zimbra - Cross-Site Scripting via ICS Files