漏洞描述
Error log files were exposed.
error-logs: Common Error Log Files
PoC代码[已公开]
id: error-logs
info:
name: Common Error Log Files
author: geeknik,daffainfo,ELSFA7110,Hardik-Solanki
severity: low
description: Error log files were exposed.
metadata:
max-request: 29
tags: logs,exposure,error,vuln
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/php_errors.log"
- "/MyErrors.log"
- "/admin/error.log"
- "/admin/errors.log"
- "/admin/log/error.log"
- "/admin/logs/error.log"
- "/admin/logs/errors.log"
- "/application/logs/application.log"
- "/application/logs/default.log"
- "/config/error_log"
- "/error.log"
- "/error.txt"
- "/error/error.log"
- "/error_log"
- "/error_log.txt"
- "/errors.log"
- "/errors.txt"
- "/errors/errors.log"
- "/errors_log"
- "/log.log"
- "/log.txt"
- "/log/error.log"
- "/log/errors.log"
- "/logs.txt"
- "/logs/error.log"
- "/logs/errors.log"
- "/routes/error_log"
- "/{{Hostname}}/error.log"
- "/{{Hostname}}/errors.log"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "Segmentation Fault"
- "coredump"
- "Broken pipe"
- "FastCGI sent in stderr"
- "Fatal error:"
- "Stack trace:"
condition: or
- type: dsl
dsl:
- "contains(tolower(header), 'content-type: text/plain') || contains(tolower(header), 'content-type: application/octet-stream') || !contains(tolower(header), 'content-type:')"
- type: status
status:
- 200
# digest: 4b0a004830460221009422fd88ed74c47556fe2c4293182f43f2e20e783a035841b791067a18f5e78e022100821262b267f7305aeac334e919ab3755b271e9ab5b0d9fe601d7727d3768903f:922c64590222798bb761d5b6d8e72950