Detects Craft CMS installations running with devMode enabled, which exposes the Yii 2 debug module (the debugger index and toolbar) under the site's action routes. This misconfiguration can leak executed database queries, session data, cookies, stack traces, CSRF tokens, and other internal application details to unauthenticated users. The fix is to turn devMode off outside local development (`'devMode' => false` in `config/general.php`, or the `CRAFT_DEVMODE` environment override in Craft 4 and later).
PoC code [public]
id: craftcms-debug-exposure

info:
  name: CraftCMS Debug Methods Exposed
  author: 0x_Akoko
  severity: medium
  description: |
    Detected CraftCMS with devMode enabled, which exposed the Yii2 debug toolbar and sensitive information. This misconfiguration could have leaked database queries, session data, cookies, stack traces, CSRF tokens, and internal application details to unauthenticated users.
  reference:
    - https://craftcms.com/docs/5.x/system/config.html#devmode
    - https://www.acunetix.com/vulnerabilities/web/craft-cms-development-mode-enabled/
  metadata:
    max-request: 3
    verified: true
    shodan-query: http.component:"Craft CMS"
    fofa-query: app="Craft-CMS"
  tags: craftcms,debug,misconfiguration,exposure,yii2

http:
  - method: GET
    path:
      - "{{BaseURL}}/actions/debug/default/index"
      - "{{BaseURL}}/actions/debug/default/toolbar"
      - "{{BaseURL}}/actions/debug/default/view"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "Yii Debugger", "yii-debug-toolbar", "Available Debug Data")'
          - 'contains(header, "Craft CMS") || contains(body, "cpresources")'
        condition: and
# digest: 490a00463044022070b59a8f65e840980eb414f2796506fdd18b70427d39a1021059bc585326c1bf02200f28d9f692e6e557cbd63025ba38e4b3c2b74c42390d9c91c3903d58ff0a90eb:922c64590222798bb761d5b6d8e72950
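The matcher logic above is easy to misread: all three DSL expressions must hold on a single response (`condition: and`), and the three paths are tried in order until one matches (`stop-at-first-match`). The following Python is an added example that re-implements exactly that decision logic so it can be exercised offline; it is not code from the template author or from the Craft CMS project. The `probe()` helper, the `offline_fetch()` stub and the sample responses are constructed, and the hardened-site responses assume that a Craft site with devMode off answers the debug action routes with a 404.

```python
"""Re-implementation of the craftcms-debug-exposure nuclei matchers.

Added example, not the template author's code. `probe()`, `offline_fetch()`
and SAMPLE_RESPONSES are constructed for offline use.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Paths from the template, tried in order (stop-at-first-match: true).
# They assume Craft's default `actionTrigger` setting of "actions".
DEBUG_PATHS = (
    "/actions/debug/default/index",
    "/actions/debug/default/toolbar",
    "/actions/debug/default/view",
)

# Strings from the contains_any(body, ...) matcher.
DEBUGGER_MARKERS = ("Yii Debugger", "yii-debug-toolbar", "Available Debug Data")


@dataclass
class Response:
    status_code: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def raw_header_block(headers: Dict[str, str]) -> str:
    """nuclei's `header` variable is the raw header block, so rebuild "Name: value" lines."""
    return "\r\n".join(f"{name}: {value}" for name, value in headers.items())


def is_debug_exposed(resp: Response) -> bool:
    """Evaluate the template's three DSL expressions joined with condition: and."""
    ok_status = resp.status_code == 200
    has_debugger = any(marker in resp.body for marker in DEBUGGER_MARKERS)
    # The Craft fingerprint: the X-Powered-By: Craft CMS header, or the control
    # panel resource path in the body. Keeps a plain Yii app from matching.
    is_craft = "Craft CMS" in raw_header_block(resp.headers) or "cpresources" in resp.body
    return ok_status and has_debugger and is_craft


def probe(base_url: str, fetch: Callable[[str], Response]) -> Optional[str]:
    """Request each debug path until the first match; return the matching URL or None."""
    for path in DEBUG_PATHS:
        url = base_url.rstrip("/") + path
        if is_debug_exposed(fetch(url)):
            return url
    return None


# Constructed sample responses (not captured from real hosts).
SAMPLE_RESPONSES: Dict[str, Response] = {
    # devMode on: the debugger index is served with Craft's default header.
    "https://exposed.test/actions/debug/default/index": Response(
        200,
        {"Content-Type": "text/html", "X-Powered-By": "Craft CMS"},
        "<html><head><title>Yii Debugger</title></head><body>Available Debug Data</body></html>",
    ),
    # Hardened site (assumed): devMode off, the debug module is not loaded.
    "https://hardened.test/actions/debug/default/index": Response(404, {"X-Powered-By": "Craft CMS"}, "Not Found"),
    "https://hardened.test/actions/debug/default/toolbar": Response(404, {"X-Powered-By": "Craft CMS"}, "Not Found"),
    "https://hardened.test/actions/debug/default/view": Response(404, {"X-Powered-By": "Craft CMS"}, "Not Found"),
    # A non-Craft Yii 2 application with its debugger exposed: no Craft fingerprint, so no match.
    "https://otheryii.test/actions/debug/default/index": Response(200, {"Server": "nginx"}, "yii-debug-toolbar"),
}


def offline_fetch(url: str) -> Response:
    """Stand-in for an HTTP client; unknown URLs get a generic 404."""
    return SAMPLE_RESPONSES.get(url, Response(404, {}, "Not Found"))


if __name__ == "__main__":
    for host in ("https://exposed.test", "https://hardened.test", "https://otheryii.test"):
        hit = probe(host, offline_fetch)
        print(f"{host}: {'EXPOSED at ' + hit if hit else 'no match'}")
```

Two caveats the sample cases make visible: the Craft fingerprint side of the third matcher depends on the `X-Powered-By: Craft CMS` header, which a site can suppress with Craft's `sendPoweredByHeader` setting (the body fallback on `cpresources` then has to carry the match), and both the template and this check assume the default `actions` action trigger, so a site with a customised `actionTrigger` is simply not covered by these paths.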