漏洞描述
Multiple common JavaScript environment configuration files were detected.
javascript-env-config: JavaScript Environment Configuration - Detect
PoC代码[已公开]
id: javascript-env-config
info:
name: JavaScript Environment Configuration - Detect
author: pdp,geeknik
severity: low
description: Multiple common JavaScript environment configuration files were detected.
metadata:
max-request: 6
tags: javascript,config,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/env.js"
- "{{BaseURL}}/env.development.js"
- "{{BaseURL}}/env.production.js"
- "{{BaseURL}}/env.test.js"
- "{{BaseURL}}/env.dev.js"
- "{{BaseURL}}/env.prod.js"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: dsl
dsl:
- "contains(tolower(header), 'content-type: application/javascript')"
- type: word
part: body
words:
- "module.exports"
- "const audience"
- "const domain"
- "NODE_ENV"
- "LOG_LEVEL"
- "TOKEN"
- "KEY"
- "PASSWORD"
- "VERSION"
condition: or
- type: word
part: body
words:
- "Bootstrap"
- "jQuery"
- "CSS TRANSITION SUPPORT"
- "is_ad_blocked"
condition: or
negative: true
# digest: 4a0a0047304502210098eb16f2196c262fad0cfb0d5ae4afc587b87b1c0d01fded36eb6bd58fbaf4f9022078c73545029bc7d3f45afca5955b4fcab20a3f0df563c1ae68f9059dcacab8b5:922c64590222798bb761d5b6d8e72950