buildpath-file-disclosure: .buildpath - File Disclosure

漏洞描述

PoC代码[已公开]

id: buildpath-file-disclosure

info:
  name: .buildpath - File Disclosure
  author: ritikchaddha
  severity: low
  description: |
    Publicly accessible /.buildpath configuration file was detected, which may expose project structure or sensitive information.
  tags: exposure,files,buildpath,config

http:
  - method: GET
    path:
      - "{{BaseURL}}/.buildpath"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</buildpath>"
          - "<?xml"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fe15682bc968d793d71cc309126437a8f7c02e32e07b6ad61749b9c889b139c302202629fd47fef4c39774b344694a566aa217cfc190204336b77cf868f07e17c655:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
• POC CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
• POC CVE-2020-20627: GiveWP - Missing Authorization to Settings Update
• POC CVE-2020-26836: SAP Solution Manager - Open Redirect
• POC CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution
• POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
• POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
• POC CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
• POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
• POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
• POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting