go-pprof-debug: Go pprof Debug Page

Date: 2025-08-01 | Affected software: go-pprof-debug | PoC: public

Vulnerability description

The Go pprof debug page was exposed.

PoC code [public]

id: go-pprof-debug

info:
  name: Go pprof Debug Page
  author: w8ay
  severity: low
  description: go pprof debug page was exposed.
  metadata:
    max-request: 2
  tags: logs,exposure,go,pprof,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/debug/pprof/heap?debug=1"
      - "{{BaseURL}}/pprof/heap?debug=1"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'heap profile:'
          - 'Alloc'
        condition: and

      - type: word
        words:
          - "text/plain"
        part: header

      - type: status
        status:
          - 200
# digest: 4a0a0047304502203a2796d6b8a0d107864e19c5ec549f39b06b74a86f741382a8f093ec947049b3022100a9d419af3c084f7983a4f946098f4377a542e22ebc7343067e9af228e3873c0b:922c64590222798bb761d5b6d8e72950
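
A common cause of this finding is that importing net/http/pprof registers its handlers on http.DefaultServeMux, so any server started with a nil handler serves /debug/pprof/. The Go sketch below is an added example, not part of the template or its author's code: it keeps pprof on a separate loopback-only mux and re-applies the template's matchers in-process as a self-check. The /healthz route, the ports and the function names are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/http/pprof" // importing this package also registers on http.DefaultServeMux
	"strings"
)

// newPublicMux holds only application routes (the /healthz route is hypothetical).
func newPublicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return mux
}

// newDebugMux registers the pprof handlers explicitly on a separate mux.
func newDebugMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index) // Index also serves named profiles such as heap
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return mux
}

// exposesHeapProfile applies the template's matchers (status 200, text/plain
// header, both body words) to the first template path on handler h, in-process.
func exposesHeapProfile(h http.Handler) bool {
	req := httptest.NewRequest(http.MethodGet, "/debug/pprof/heap?debug=1", nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	body := rec.Body.String()
	return rec.Code == http.StatusOK &&
		strings.Contains(rec.Header().Get("Content-Type"), "text/plain") &&
		strings.Contains(body, "heap profile:") && strings.Contains(body, "Alloc")
}

func main() {
	// Debug listener on loopback only (port is an assumption).
	go func() { log.Fatal(http.ListenAndServe("127.0.0.1:6060", newDebugMux())) }()
	// Public listener gets an explicit mux; a nil handler would mean DefaultServeMux.
	log.Fatal(http.ListenAndServe(":8080", newPublicMux()))
}
```

Calling exposesHeapProfile(newPublicMux()) in a unit test gives a regression check that fails if a later change routes pprof onto the public mux.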