漏洞描述
JFrog Artifactory Artifact repository was exposed.
jfrog-artifactory-exposure: JFrog Artifactory Artifacts Exposure
PoC代码[已公开]
id: jfrog-artifactory-exposure
info:
name: JFrog Artifactory Artifacts Exposure
author: DhiyaneshDk
severity: low
description: |
JFrog Artifactory Artifact repository was exposed.
reference:
- https://jfrog.com/help/r/jfrog-rest-apis/artifactory-rest-apis
metadata:
verified: true
max-request: 1
shodan-query: title:"Jfrog"
tags: artifactory,misconfig,vuln
http:
- method: GET
path:
- "{{BaseURL}}/artifactory/api/repositories"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"key" :'
- '"type" :'
- '"url" :'
- '"packageType" :'
condition: and
- type: word
part: content_type
words:
- "application/vnd.org.jfrog.artifactory"
- type: status
status:
- 200
# digest: 4a0a00473045022100f2df4a827800edd0ec24540f70797e43c86d693759463983b2886cc4b0045c0402200f83d2c22eeef8cf8f7342bc54320e3cb0e49628db1bde0871572a778e1a1e8a:922c64590222798bb761d5b6d8e72950