atom-sync-remote: Atom Synchronization Exposure

日期: 2025-08-01 | 影响软件: atom sync remote | POC: 已公开

漏洞描述

It discloses username and password created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials

PoC代码[已公开]

id: atom-sync-remote

info:
  name: Atom Synchronization Exposure
  author: geeknik
  severity: high
  description: |
    It discloses username and password created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
  metadata:
    verified: true
    max-request: 1
  tags: atom,exposure,config,files,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.remote-sync.json"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"hostname":'
          - '"username":'
        condition: and

      - type: word
        part: body
        words:
          - "passphrase"
          - "password"
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 490a004630440220743330b80c85cc0b1ec9c004d34f1d5244868ce19d720e822c137908dab7d999022058682e7278d881fc4eb7c70ff4f67ecfe5b8d8073f11f2dba3fbe072fe4a8403:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/files/atom-sync-remote.yaml