iceflow-vpn-disclosure: ICEFlow VPN Disclosure

日期: 2025-08-01 | 影响软件: ICEFlow VPN | POC: 已公开

漏洞描述

ICEFlow VPN internal log file is exposed.

PoC代码[已公开]

id: iceflow-vpn-disclosure

info:
  name: ICEFlow VPN Disclosure
  author: pikpikcu
  severity: low
  description: ICEFlow VPN internal log file is exposed.
  metadata:
    max-request: 8
  tags: exposure,files,iceflow,logs,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/log/system.log"
      - "{{BaseURL}}/log/vpn.log"
      - "{{BaseURL}}/log/access.log"
      - "{{BaseURL}}/log/warn.log"
      - "{{BaseURL}}/log/error.log"
      - "{{BaseURL}}/log/debug.log"
      - "{{BaseURL}}/log/mobile.log"
      - "{{BaseURL}}/log/firewall.log"

    max-size: 2048

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'ICEFLOW VPN:'
          - 'ICEFLOW SYSTEM'
          - 'ICEFLOW'
        part: body
        condition: or

      - type: status
        status:
          - 200

      - type: word
        words:
          - "text/plain"
          - 'ICEFLOW'
        part: header
        condition: and
# digest: 4a0a00473045022100d9d40e170db27f67863d5654b88de60b27403873fa87dc22f416df12acf4501202205e3d0802c003fd890521c9aa7dd3a80970bd46d3dbfdda48b821ecb504cd3107:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/files/iceflow-vpn-disclosure.yaml

相关漏洞推荐