Vulnerability description
FCM Server Key is leaked.
id: fcm-server-key

info:
  name: FCM Server Key
  author: absshax
  severity: high
  description: FCM Server Key is leaked.
  reference:
    - https://abss.me/posts/fcm-takeover
  metadata:
    max-request: 1
  tags: exposure,token,google,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"
# digest: 4b0a00483046022100f8c417765fc7b452fa2f78860a53eed9f30756fef4f122eef963ee4729868d9a022100b3015892e48ff3d93d368f1b91891daa7c589fa901fe3d6779b8a0e39f2998e6:922c64590222798bb761d5b6d8e72950