google-adk-api-exposed: Google ADK API Exposure

Date: 2025-08-01 | Affected software: Google ADK | POC: public

Vulnerability description

Detects the exposure of the Google Agent Development Kit (ADK) API, which may lead to sensitive information disclosure or unauthorized access.

PoC code [public]

id: google-adk-api-exposed

info:
  name: Google ADK API Exposure
  author: princechaddha
  severity: unknown
  description: |
    Detects the exposure of the Google Agent Development Kit (ADK) API, which may lead to sensitive information disclosure or unauthorized access.
  reference:
    - https://google.github.io/adk-docs/
    - https://github.com/google/adk-samples
  metadata:
    max-request: 1
    verified: true
  tags: adk,exposure,google,ai,agent,api,devops,discovery

http:
  - raw:
      - |
        POST /apps/my_sample_agent/users/{{randstr}}/sessions/s_123 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"state": {"key1": "value1", "key2": 42}}

    matchers:
      - type: word
        part: body
        words:
          - '","userId":"{{randstr}}"'
          - '{"id":"'
        condition: and
# digest: 4a0a0047304502206646aebb8c327db0b9f26c0477930c825c5fbe699c1cc19bcd4e6a79eaec1b76022100dcb8475a7b5699290f83f01a01a5c5ef35856dc2201c2e9c748d83a8b7d1467e:922c64590222798bb761d5b6d8e72950
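
Defender-side counterpart to the template above, added here as an example and not part of the original template or the ADK project: it scans web access logs for POSTs to the session route the template requests and flags the ones the server accepted. It assumes a reverse proxy writing combined-format logs in front of the ADK API; the log lines, IPs and the function name are constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "POST /apps/my_sample_agent/users/2TqZ8kLmN0pQ/sessions/s_123 HTTP/1.1" 200 142 "-" "scanner"
203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /docs HTTP/1.1" 200 950 "-" "scanner"
198.51.100.4 - - [01/Aug/2025:10:05:00 +0000] "POST /apps/support_bot/users/alice/sessions/abc HTTP/1.1" 401 31 "-" "client"
192.0.2.9 - - [01/Aug/2025:10:06:00 +0000] "POST /apps/support_bot/users/bob/sessions/s_9 HTTP/1.1" 200 120 "-" "client"
"""

# Client IP, method, path and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Route shape taken from the template: /apps/<app>/users/<user>/sessions/<id>
SESSION_RE = re.compile(
    r'^/apps/(?P<app>[^/]+)/users/(?P<user>[^/]+)/sessions/(?P<sid>[^/?]+)$'
)


def find_session_creates(log_text):
    """Return one finding per POST to the session-creation route."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        s = SESSION_RE.match(m["path"])
        if not s:
            continue
        findings.append({
            "ip": m["ip"],
            "app": s["app"],
            "status": int(m["status"]),
            # 2xx means the API created the session for this caller.
            "accepted": m["status"].startswith("2"),
            # Fixed app name and session id used by the template's request.
            "template_probe": s["app"] == "my_sample_agent" and s["sid"] == "s_123",
        })
    return findings


if __name__ == "__main__":
    for f in find_session_creates(SAMPLE_LOG):
        print(f)
```

An accepted request from an address outside the expected client set is the case to investigate; the log alone does not show whether the caller was authenticated.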
