ht-deployment: .htdeployment - Files Tree Cache File

Date: 2025-08-01 | Affected software: ht deployment | PoC: public

Vulnerability description

The FTP Deployment cache file (`.htdeployment`) records the whole file structure of a deployment, including paths to potentially sensitive files, and is exposed when it is left web-readable on the server.

PoC code [public]

id: ht-deployment

info:
  name: .htdeployment - Files Tree Cache File
  author: Michal-Mikolas
  severity: medium
  description: |
    FTP Deployment cache file that contains whole files structure with paths to potentially sensitive files.
  remediation: Block access to the file using `.htaccess` on the server. The best-practise is to block all the folders/files beginning with `.` except `.well-known` folder.
  reference:
    - https://github.com/dg/ftp-deployment/tree/master
    - https://github.com/dg/ftp-deployment/blob/master/src/Deployment/Deployer.php#L206
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    verified: true
    max-request: 2
    vendor: dg
    product: ftp-deployment
  tags: files,exposure,php,deployment,cache,dg,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.htdeployment"
      - "{{BaseURL}}/.deployment"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "[config]"
          - "1F 8B"
        condition: or

      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "text/plain"
        condition: or
# digest: 4a0a00473045022100a7e46847957a8f2059a9f836bea489bebb15ac286442ac7cc717bda3ebc8cd460220577df23e25f8cd61a66f8a9a967941339bb519c986a5d3b3d916a7aa121b927f:922c64590222798bb761d5b6d8e72950
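An `.htaccess` fragment that implements the remediation stated in the template (block every folder or file beginning with `.` except `.well-known`), written as an added example that is not part of the template or of dg/ftp-deployment; it assumes Apache 2.4 with mod_alias loaded and an `AllowOverride` that permits `FileInfo` and `AuthConfig` for the directory.

```apache
# Added example (not from the original template): deny any request whose
# path contains a component starting with a dot (.htdeployment,
# .deployment, .git/, .env, ...) while leaving /.well-known/ reachable
# for ACME and similar standards. Answering 404 rather than 403 avoids
# confirming that the file exists at all. Requires mod_alias.
RedirectMatch 404 "(^|/)\.(?!well-known(/|$))"

# Belt and braces for the two cache-file names the template probes, so
# they stay blocked even if mod_alias is not available: refuse outright.
<FilesMatch "^\.(htdeployment|deployment)$">
    Require all denied
</FilesMatch>
```

Verify after deploying by requesting `/.htdeployment` and `/.well-known/` yourself: the first must return 404 and the second must still be served.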