漏洞描述
Detected CakePHP Debug Kit toolbar, potentially leaking sensitive application information, database queries, and configuration.
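# Nuclei HTTP template: reports a CakePHP DebugKit dashboard that is reachable
# without authentication at /debug-kit. The extracted listing had lost all
# indentation; the nesting below restores the structure the keys imply.
id: cakephp-debugkit-exposure

info:
  name: CakePHP - Debug Kit Toolbar Exposure
  author: 0x_Akoko
  severity: medium
  description: |
    Detected CakePHP Debug Kit toolbar, potentially leaking sensitive application information, database queries, and configuration.
  # Defender guidance for triaging a hit.
  remediation: |
    Disable debug mode and do not load the DebugKit plugin in production deployments.
    Until the configuration is fixed, block external access to the /debug-kit path at the web server or reverse proxy.
  reference:
    - https://github.com/cakephp/debug_kit
    - https://book.cakephp.org/debugkit/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    verified: true
    # The template issues one GET to one path, so the request budget is 1
    # (the listing declared 2, which no visible request accounts for).
    max-request: 1
    shodan-query: http.html:"debug_kit"
    fofa-query: body="debug_kit" && body="CakePHP"
  tags: cakephp,debug,toolkit,exposure,php

http:
  - method: GET
    path:
      - "{{BaseURL}}/debug-kit"

    matchers:
      # Both expressions must hold: a 200 response alone is not enough, the
      # body must also carry one of the DebugKit markers. This keeps generic
      # catch-all 200 pages from being reported.
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "DebugKit Dashboard", "__debug_kit")'
        condition: and

# NOTE(review): the digest below was issued for the template as originally
# published. Any edit, including this re-indentation, means the template must
# be re-signed before the signature can be relied on.
# digest: 490a004630440220272834a7a2ca47849bef8a8e701be0307ec176e0036960cea91467dd5532d3cf022076325f87cc4c630ef012c0ab28d3b120870f14295b979cf80701b922418c3f49:922c64590222798bb761d5b6d8e72950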