codeigniter-env: Codeigniter - .env File Discovery

日期: 2025-08-01 | 影响软件: codeigniter | POC: 已公开

漏洞描述

Codeigniter .env file was discovered.

PoC代码[已公开]

id: codeigniter-env

info:
  name: Codeigniter - .env File Discovery
  author: emenalf
  severity: high
  description: Codeigniter .env file was discovered.
  metadata:
    max-request: 12
  tags: config,exposure,codeigniter,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/.env"
        - "/.env.dev.local"
        - "/.env.development.local"
        - "/.env.prod.local"
        - "/.env.production.local"
        - "/.env.local"
        - "/.env.example"
        - "/.env.stage"
        - "/.env.live"
        - "/.env_1"
        - "/.env.old"
        - "/.env_sample"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "(?m)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWORD)"
          - "(?m)^DB_(HOST|PASSWORD|DATABASE)"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f3281b7d674311800e95e741a9b28ef0312b2508fc911658cf5871b79101ba14022056fcd26ee7d32c2aff458904aa3d40a4212bd4fa95f2d8e833ce2b0e1ca829ee:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/codeigniter-env.yaml

相关漏洞推荐