access-log-file: Publicly accessible access-log file

Date: 2025-08-01 | Affected software: access-log-file | PoC: public

Vulnerability description

The web server's access log file is publicly accessible over HTTP.

PoC code [public]

id: access-log-file

info:
  name: Publicly accessible access-log file
  author: sheikhrishad
  severity: low
  description: Log file was exposed.
  metadata:
    max-request: 4
  tags: logs,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/access.log"
      - "{{BaseURL}}/log/access.log"
      - "{{BaseURL}}/logs/access.log"
      - "{{BaseURL}}/application/logs/access.log"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"GET /'

      - type: word
        words:
          - "text/plain"
        part: header

      - type: status
        status:
          - 200
# digest: 490a00463044022032b9a7617a92f1857b0a820dfecd6d2f959e9e541179de3e89b2a7e061449c5e022071355f30e7dff645cd94f074129ddc096816718c16291d368dfb2fd1e01abb0a:922c64590222798bb761d5b6d8e72950
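
A defender-side counterpart to the template above, as an added example that is not part of the template or of the project it comes from: it checks a web document root on disk for the same four relative paths and the same `"GET /` body marker. The function names, the `docroot` argument and the sample log line are assumptions made for illustration; whether the server actually serves such a file still depends on its configuration.

```python
import tempfile
from pathlib import Path

# Relative paths taken from the template's `path` list.
TEMPLATE_PATHS = (
    "access.log",
    "log/access.log",
    "logs/access.log",
    "application/logs/access.log",
)
# Body marker from the template's first word matcher.
BODY_MARKER = b'"GET /'


def find_exposed_logs(docroot, sample_bytes=65536):
    """Return the template paths that exist under docroot and look like access logs.

    Only the first sample_bytes of each file are read, so large logs stay cheap.
    """
    root = Path(docroot).resolve()
    hits = []
    for rel in TEMPLATE_PATHS:
        candidate = root / rel
        if not candidate.is_file():
            continue
        with candidate.open("rb") as fh:
            if BODY_MARKER in fh.read(sample_bytes):
                hits.append(rel)
    return hits


def build_sample_docroot(base):
    """Create a constructed docroot: one log with a request line, one file without."""
    base = Path(base)
    (base / "logs").mkdir(parents=True)
    (base / "logs" / "access.log").write_text(
        '192.0.2.10 - - [01/Aug/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    )
    # Same file name, but no request lines: the marker check filters it out.
    (base / "access.log").write_text("log rotation placeholder\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_exposed_logs(build_sample_docroot(tmp)))
```

Any path it reports is a log file sitting inside the served tree; moving logs outside the document root or denying requests for them at the server removes the exposure.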