flow-config-exposure: Flow Configuration - Exposure

漏洞描述

PoC代码[已公开]

id: flow-config-exposure

info:
  name: Flow Configuration - Exposure
  author: theamanrawat
  severity: medium
  description: |
    Detects an exposed Flow configuration file. These files may contain sensitive information such as credentials, internal endpoints, or environment settings.
  reference:
    - https://flow.org/en/docs/config/
  metadata:
    max-request: 1
  tags: exposure,config,flow,devops

http:
  - method: GET
    path:
      - "{{BaseURL}}/.flowconfig"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "[include]"
          - "[ignore]"
          - "build"
          - "lib"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204b7abc3976e00e37cd1faee124645ef518ee236593c193f2d77f41a596a8bf2702210092bf93648f15367e164947654dd6375654f69078c6df88475efb94cb090b0a51:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-5591: FortiOS - Insecure LDAP Configuration Detection
• POC CVE-2025-34291: Langflow AI <= 1.6.9 - CORS Misconfiguration
• POC ambassador-api-diagnostics-exposure: Ambassador API Gateway Diagnostics - Exposure
• POC wordpress-db-exposure: WordPress Database Backup File - Exposure
• POC bash-config-exposure: Bash Configuration - Exposure
• POC codekit-config-exposure: CodeKit Configuration Exposure
• POC glimpse-data-exposure: Glimpse Diagnostics - Sensitive Data Exposure
• POC grafana-metrics-exposure: Grafana Metrics Endpoint - Information Disclosure
• POC jfrog-artifactory-build-exposure: JFrog Artifactory Build - Exposure
• POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
• POC makefile-exposure: Makefile - Exposure
• POC mysql-config-exposure: MySQL Conifg - Exposure
• POC python-setup-config: Python Setup Configuration - Exposure