Vulnerability Description
Golang expvar function exposes multiple public variables via HTTP such as stack trace information and server operation counters.
id: debug-vars

info:
  name: Golang Expvar - Detect
  author: luqman
  severity: low
  description: Golang expvar function exposes multiple public variables via HTTP such as stack trace information and server operation counters.
  metadata:
    max-request: 1
  tags: go,debug,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/debug/vars"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"memstats":'
          - '"cmdline":'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402205506da8c713a09e77fc4d8978f6c43311e9fb738981a1202629cde0b6c4379bc02203f52a8d039d43914f825f4ce9709f0a63de4d72ac9df14f15bfe57c90d084111:922c64590222798bb761d5b6d8e72950
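
Why the template matches, and one way to close the exposure, as an added example that is not part of the original template or of any project's code: importing expvar registers /debug/vars on http.DefaultServeMux, so any server that serves the default mux publishes it. The handler names, the /healthz route and the loopback address in the comments are assumptions made for illustration.

```go
package main

import (
	"expvar" // init() registers /debug/vars on http.DefaultServeMux
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// exposedHandler is the weak setup: a server started with a nil handler
// (or http.DefaultServeMux) serves /debug/vars to every client.
func exposedHandler() http.Handler { return http.DefaultServeMux }

// publicHandler is the hardened public listener: a dedicated mux that
// carries only application routes (/healthz is a hypothetical route).
func publicHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return mux
}

// adminHandler mounts expvar explicitly on a separate mux, intended for a
// loopback-only listener, e.g. http.ListenAndServe("127.0.0.1:6060", adminHandler())
// (address is an assumption).
func adminHandler() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/debug/vars", expvar.Handler())
	return mux
}

// matchesTemplate applies the template's matchers to a handler:
// GET /debug/vars must return 200 and contain both words.
func matchesTemplate(h http.Handler) bool {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/debug/vars", nil))
	body := rec.Body.String()
	return rec.Code == http.StatusOK &&
		strings.Contains(body, `"memstats":`) &&
		strings.Contains(body, `"cmdline":`)
}

func main() {
	fmt.Println("default mux matches template:", matchesTemplate(exposedHandler()))
	fmt.Println("dedicated public mux matches template:", matchesTemplate(publicHandler()))
	fmt.Println("admin mux serves vars:", matchesTemplate(adminHandler()))
}
```

The same matchesTemplate check can be kept as a regression test so a later import of expvar, direct or through a dependency, does not re-expose the endpoint on the public handler.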