gcs-bucket-listing: Google Cloud Storage - Public Bucket Listing

Date: 2026-01-08 | Affected software: Google Cloud Storage | PoC: Public

Vulnerability description

The detected Google Cloud Storage bucket is publicly accessible and allows listing of objects, potentially exposing sensitive files.

PoC code [public]

id: gcs-bucket-listing

info:
  name: Google Cloud Storage - Public Bucket Listing
  author: 0x_Akoko
  severity: unknown
  description: |
    Detected Google Cloud Storage bucket was publicly accessible and allows listing of objects, potentially exposing sensitive files.
  reference:
    - https://cloud.google.com/storage/docs/public-access-prevention
  metadata:
    verified: true
    max-request: 1
    shodan-query: "storage.googleapis.com"
  tags: exposure,gcs,google,cloud,bucket,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "ListBucketResult", "<Contents>", "<Generation>")'
        condition: and
# digest: 4a0a0047304502207ea334c59f5a7d329a0ce22cef01d69cc4aecf871c5629200eca2911bd8220db022100e41571c88ef4c97b1e79461c58914c8764d41364526b33be96b126d99d49b494:922c64590222798bb761d5b6d8e72950
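
An owner-side check for the condition this template detects, as an added example that is not part of the original template: it reads a bucket IAM policy (the JSON shape returned by `gcloud storage buckets get-iam-policy --format=json`) and flags bindings that give `allUsers` or `allAuthenticatedUsers` a role containing `storage.objects.list`. The role table and the sample policy are constructed for illustration, and the table is not exhaustive.

```python
import json
import sys

# Principals that make a binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Predefined roles that include storage.objects.list. Assumption: this table
# is illustrative and not exhaustive; custom roles need manual review.
LISTING_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
    "roles/storage.legacyBucketReader",
    "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner",
}

# Constructed sample policy, not taken from a real bucket.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.legacyBucketReader", "members": ["allUsers"]},
        {"role": "roles/storage.legacyObjectReader", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["user:admin@example.com"]},
    ]
}


def audit_policy(policy):
    """Return one finding per binding that includes a public principal."""
    findings = []
    for binding in policy.get("bindings", []):
        public = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
        if not public:
            continue  # binding is limited to named identities
        role = binding.get("role", "")
        # "public-listing": anyone can enumerate objects (what the template matches).
        # "public-other": public, but listing is not confirmed by the table above.
        level = "public-listing" if role in LISTING_ROLES else "public-other"
        findings.append({"role": role, "members": public, "level": level})
    return findings


if __name__ == "__main__":
    # Optional argument: path to a saved IAM policy JSON file.
    policy = SAMPLE_POLICY
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            policy = json.load(fh)
    for finding in audit_policy(policy):
        print(finding["level"], finding["role"], ",".join(finding["members"]))
```

Removing a flagged binding, or enforcing public access prevention as described in the template's reference, closes the listing.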
