Vulnerability Description
Detected Glimpse diagnostics endpoint. Glimpse is a .NET diagnostics tool that reveals detailed request information, server configuration, SQL queries, connection strings, and session data.
id: glimpse-data-exposure
info:
  name: Glimpse Diagnostics - Sensitive Data Exposure
  author: 0x_Akoko
  severity: high
  description: |
    Detected Glimpse diagnostics endpoint. Glimpse is a .NET diagnostics tool that reveals detailed request information, server configuration, SQL queries, connection strings, and session data.
  reference:
    - https://getglimpse.com/
    - https://github.com/Glimpse/Glimpse
  classification:
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"Glimpse.axd"
    fofa-query: body="Glimpse.axd"
  tags: exposure,misconfig,dotnet,glimpse,debug
http:
  - method: GET
    path:
      - "{{BaseURL}}/glimpse.axd"
      - "{{BaseURL}}/Glimpse.axd"
    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Glimpse - Configuration Page", "Turn Glimpse On", "getglimpse.com")'
        condition: and
# digest: 4a0a0047304502201aa5b5aa4c337567ccf40ea0bba737c4d6741ce0d280933a95d79da8a0c96421022100fb19b2c93c733d528653ace0aeae8d4d23175e9887b136ed69acf6d0aca3bacb:922c64590222798bb761d5b6d8e72950