ds-store-leak: Directory Listing via DS_Store

漏洞描述

PoC代码[已公开]

id: ds-store-leak

info:
  name: Directory Listing via DS_Store
  author: 0w4ys
  severity: info
  verified: true
  description: |-
    Directory listing via DS_Store file.
  tags: ds-store,leak

rules:
  r0:
    request:
      method: GET
      path: /.DS_Store
    expression: response.status == 200 && response.body.bcontains(b'Bud1')
expression: r0()

相关漏洞推荐

• POC CVE-2020-19363: Vtiger CRM v7.2.0 - Directory Listing
• POC drupal-directory-listing: Drupal Directory Listing
• POC CVE-2022-38130: KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
• POC apache-mod-negotiation-listing: Apache mod_negotiation - Pseudo Directory Listing
• POC gcs-bucket-listing: Google Cloud Storage - Public Bucket Listing
• POC jetty-directory-listing: Eclipse Jetty - Directory Listing Enabled
• POC wordpress-storefront-fpd: WordPress Storefront Theme - Full Path Disclosure
• POC jetpack-stored-xss: Jetpack < 6.5 - Stored Cross-Site Scripting
• 智联云采 SRM2.0 /adpweb/static/..;/a/db/dbBackupScheme/restore 命令执行漏洞
• POC vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
• SRM智联云采系统 restore 远程代码执行漏洞
• 智联云采 SRM2.0 restore 存在远程命令执行漏洞
• （CVE-2025-21017）Blockchain Keystore越界写入漏洞