environment-rb: Environment Ruby File Disclosure

日期: 2025-08-01 | 影响软件: Environment Ruby | POC: 已公开

漏洞描述

Ruby environment file is exposed.

PoC代码[已公开]

id: environment-rb

info:
  name: Environment Ruby File Disclosure
  author: DhiyaneshDK
  severity: medium
  description: Ruby environment file is exposed.
  classification:
    cpe: cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: ruby-lang
    product: ruby
    google-query: intitle:"index of" "environment.rb"
  tags: ruby,devops,exposure,files,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/environment.rb"
      - "{{BaseURL}}/config/environment.rb"
      - "{{BaseURL}}/redmine/config/environment.rb"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '# Load the Rails application.'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f834bd7279d1f96d6f3f34e96d510c21f722a0fc172c58ac992bb1e01ea917b5022100cfa53db538cdefbd353b8dab25ed21ff6cedff7e8dbb47587518578b3cda78a2:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/files/environment-rb.yaml