漏洞描述
Detected exposed .gcloudignore files which may reveal directory structure,deployment configurations, and sensitive project information used by Google Cloud SDK (gcloud) during deployments.
gcloudignore-file-exposure: Google Cloud Ignore File Exposure
PoC代码[已公开]
id: gcloudignore-file-exposure
info:
name: Google Cloud Ignore File Exposure
author: DhiyaneshDK
severity: low
description: |
Detected exposed .gcloudignore files which may reveal directory structure,deployment configurations, and sensitive project information used by Google Cloud SDK (gcloud) during deployments.
reference:
- https://cloud.google.com/sdk/gcloud/reference/topic/gcloudignore
metadata:
verified: true
max-request: 1
tags: exposure,gcloud,google,config,files,cloud
http:
- method: GET
path:
- "{{BaseURL}}/.gcloudignore"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "deployment"
- "Cloud Build"
condition: or
- type: word
part: content_type
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a0048304602210099dfd1e6b4e3663b6ea3ed55feadce9940623ced67e4c193ff2934036b6bc983022100a36c738567625aa9b0c4aea57f57606bd3237b87b55e6cddd8ee80acf7e3cace:922c64590222798bb761d5b6d8e72950