esmtprc-config: eSMTP - Config Discovery

日期: 2025-08-01 | 影响软件: eSMTP | POC: 已公开

漏洞描述

eSMTP configuration was discovered.

PoC代码[已公开]

id: esmtprc-config

info:
  name: eSMTP - Config Discovery
  author: geeknik
  severity: high
  description: eSMTP configuration was discovered.
  reference:
    - https://linux.die.net/man/5/esmtprc
  metadata:
    max-request: 1
  tags: esmtp,config,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.esmtprc"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/plain"

      - type: word
        part: body
        words:
          - "hostname"
          - "username"
          - "password"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210099146b994d9f7d73ab873e726e69f7fe6f1b17b6b9efc049995c7072ce93e206022100ca5d0f046eef90d57cd2537444a53974d31fa30a48085bc7dba70631c91c8e90:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/esmtprc-config.yaml