漏洞描述
Detected AWS Elastic Beanstalk Dockerrun.aws.json configuration file was publicly accessible, potentially revealing Docker container definitions, image names, hostnames, port mappings, and infrastructure details.
dockerrun-aws-json-exposure: AWS Elastic Beanstalk Dockerrun.aws.json - Exposure
PoC代码[已公开]
id: dockerrun-aws-json-exposure
info:
name: AWS Elastic Beanstalk Dockerrun.aws.json - Exposure
author: 0x_Akoko
severity: medium
description: |
Detected AWS Elastic Beanstalk Dockerrun.aws.json configuration file was publicly accessible, potentially revealing Docker container definitions, image names, hostnames, port mappings, and infrastructure details.
reference:
- https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true
max-request: 2
shodan-query: html:"AWSEBDockerrunVersion"
fofa-query: body="AWSEBDockerrunVersion"
tags: aws,docker,config,exposure,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/Dockerrun.aws.json"
- "{{BaseURL}}/static/Dockerrun.aws.json"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(content_type, "application/json", "text/plain")'
- 'contains_all(body, "AWSEBDockerrunVersion", "containerDefinitions", "image")'
condition: and
# digest: 4b0a00483046022100a686e23eeb3b1a2b6c98162d28b08aad22d63d37fd206a8095a5f659e438cfa8022100e35739d519a171dc28167b5e6996ca9a282920a9367e52e98fc1ec564885716a:922c64590222798bb761d5b6d8e72950