javascript-env: JavaScript Environment Configuration - Detect

日期: 2025-08-01 | 影响软件: javascript-env | POC: 已公开

漏洞描述

Multiple common JavaScript environment configuration files were detected.

PoC代码[已公开]

id: javascript-env

info:
  name: JavaScript Environment Configuration - Detect
  author: pdp,geeknik,hetyh
  severity: low
  description: Multiple common JavaScript environment configuration files were detected.
  metadata:
    max-request: 7
  tags: javascript,config,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/env.js"
      - "{{BaseURL}}/env.development.js"
      - "{{BaseURL}}/env.production.js"
      - "{{BaseURL}}/env.test.js"
      - "{{BaseURL}}/env.dev.js"
      - "{{BaseURL}}/env.prod.js"
      - "{{BaseURL}}/__ENV.js"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - "contains(tolower(content_type), 'application/javascript')"

      - type: word
        part: body
        words:
          - "module.exports"
          - "const audience"
          - "const domain"
          - "NODE_ENV"
          - "LOG_LEVEL"
          - "TOKEN"
          - "KEY"
          - "PASSWORD"
          - "VERSION"
          - "window.__ENV ="
        condition: or

      - type: word
        part: body
        words:
          - "Bootstrap"
          - "jQuery"
          - "CSS TRANSITION SUPPORT"
          - "is_ad_blocked"
        condition: or
        negative: true
# digest: 490a004630440220404466b88da26126984d8a9408b98cbaa7eebd9230333fca3b0d6376b6314ef4022019cfd15dc78732fae08e3077a1085c51cce2f3ae0e01f3584df12699a223b7ca:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/files/javascript-env.yaml