appspec-yml-disclosure: Appspec YML/YAML - Detect

日期: 2025-08-01 | 影响软件: Appspec YML/YAML | POC: 已公开

漏洞描述

Appspec YML and YAML files are susceptible to information disclosure.

PoC代码[已公开]

id: appspec-yml-disclosure

info:
  name: Appspec YML/YAML - Detect
  author: dhiyaneshDk
  severity: medium
  description: Appspec YML and YAML files are susceptible to information disclosure.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/appsec-yml-disclosure.json
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 2
  tags: exposure,config,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/appspec.yml"
      - "{{BaseURL}}/appspec.yaml"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "version:"
          - "os:"
          - "files:"
        part: body
        condition: and

      - type: word
        part: header
        words:
          - "text/html"
        negative: true

      - type: status
        status:
          - 200
# digest: 4a0a00473045022070202f1c1cc0354db60a0e53722e22ed46b324d722917ab8203752a2228d80ba022100bec2a76bcbbf9277d6dfedf6013668e0794655892ce95b8f1878eae40f46de1e:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/appspec-yml-disclosure.yaml