credentials-json: Credentials File Disclosure

Date: 2025-08-01 | Affected software: credentials-json | PoC: public

Vulnerability description

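An internal secret file, credentials.json, is exposed over HTTP. The template below flags a 200 response whose body contains both "client_id" and "client_secret".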

PoC code [public]

id: credentials-json

info:
  name: Credentials File Disclosure
  author: ritikchaddha
  severity: medium
  description: Internal secret file is exposed.
  metadata:
    verified: true
    max-request: 2
    google-query: intitle:"index of" "credentials.json"
  tags: google,secret,exposure,files,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/credentials.json"
      - "{{BaseURL}}/assets/credentials.json"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"client_secret":'
          - '"client_id":'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220263f83b1745cc6479705cd8f3a3b050c9bcb6ec33bd79264f5ae0e81ebd169ef0220404e49ea7759075da4986629d47e0050fa6f24b51db1d9ac666bbe48ae064535:922c64590222798bb761d5b6d8e72950
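
A pre-deployment check for the same condition from the defender's side, added here as an example and not part of the published template: it walks a local web root and reports any JSON file that carries both keys the template matches on. It goes beyond the template's two paths by checking every .json file and nested objects; the function names, the sample directory and its values are constructed for illustration.

```python
import json
import os
import tempfile

REQUIRED_KEYS = {"client_id", "client_secret"}  # the two words the template matches on

def _collect_keys(node, found):
    """Recursively gather every object key in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            found.add(key)
            _collect_keys(value, found)
    elif isinstance(node, list):
        for item in node:
            _collect_keys(item, found)
    return found

def find_exposed_credentials(web_root):
    """Return sorted relative paths of JSON files under web_root holding both keys."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(".json"):
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable, wrong encoding or invalid JSON: skip
            if REQUIRED_KEYS <= _collect_keys(doc, set()):
                hits.append(os.path.relpath(full, web_root).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_root():
    """Constructed sample web root: two credential files and one harmless JSON file."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "assets"))
    samples = {
        "credentials.json": {"installed": {"client_id": "EXAMPLE-ID", "client_secret": "EXAMPLE-SECRET"}},
        "assets/credentials.json": {"client_id": "EXAMPLE-ID", "client_secret": "EXAMPLE-SECRET"},
        "manifest.json": {"name": "demo", "client_id": "EXAMPLE-ID"},
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            json.dump(body, fh)
    return root

if __name__ == "__main__":
    for path in find_exposed_credentials(build_sample_root()):
        print("exposed credential file:", path)
```

Run it against the directory that will be published (build output or document root) and fail the deployment if the returned list is not empty.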