Detected a DEADJOE file. This file was created by Joe's Own Editor when a session terminated abnormally. It contained the full contents of the file being edited at the time of the crash, potentially exposing sensitive information such as passwords, configuration files, or credentials.
PoC code [public]
id: joe-deadjoe-file-exposure
info:
  name: Joe Editor DEADJOE File - Exposure
  author: 0x_Akoko
  severity: low
  description: |
    Detected Deadjoe file,this file was created by Joe's Own Editor when a session terminated abnormally. It contained the full contents of the file being edited at the time of the crash, potentially exposing sensitive information such as passwords, configuration files, or credentials.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/joe-editor-deadjoe-file/
    - https://www.invicti.com/web-application-vulnerabilities/joe-editor-deadjoe-file
    - https://www.freebsd.org/security/advisories/FreeBSD-SA-01:04.joe.asc
  classification:
    cwe-id: CWE-538
  metadata:
    verified: true
    max-request: 1
  tags: exposure,deadjoe,misconfig,files
http:
  - method: GET
    path:
      - "{{BaseURL}}/DEADJOE"
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "JOE was aborted", "modified files were found in JOE", "JOE when it aborted")'
          - 'contains_all(body, "***", "JOE")'
        condition: and
# digest: 4a0a00473045022100ba853557055d61ff56d3f7d6f1607e93859d51aadaedeeaef62064b3ed91d140022054924335f0c2d12303fa06d9315e52a60f51bf9c704ad67023be516c3b95fdf2:922c64590222798bb761d5b6d8e72950
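A server-side counterpart to the template, added here as an example (it is not part of the original page or the template author's code): it applies the same body markers to files named DEADJOE under a local document root and lists the buffers each one holds, so they can be removed before deployment. The `*** File '<name>'` header pattern and the sample tree are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Marker strings taken from the template's dsl matchers.
ANY_MARKERS = ("JOE was aborted", "modified files were found in JOE", "JOE when it aborted")
ALL_MARKERS = ("***", "JOE")
# Assumption: JOE introduces each saved buffer with a line like "*** File 'name'".
FILE_HEADER = re.compile(r"^\*\*\* File '(.*)'\s*$", re.MULTILINE)


def is_deadjoe(body):
    """Same content test as the template, minus the HTTP status check."""
    return any(m in body for m in ANY_MARKERS) and all(m in body for m in ALL_MARKERS)


def find_deadjoe(root):
    """Walk a document root and report every file named DEADJOE that matches."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != "DEADJOE":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                body = fh.read()
            if is_deadjoe(body):
                findings.append({"path": os.path.relpath(path, root),
                                 "buffers": FILE_HEADER.findall(body)})
    return findings


def build_sample_webroot():
    """Constructed sample tree: one crash file with markers, one decoy."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "admin"))
    with open(os.path.join(root, "admin", "DEADJOE"), "w") as fh:
        fh.write("\n*** These modified files were found in JOE when it aborted on "
                 "Mon Jan  1 00:00:00 2024\n*** JOE was aborted by UNIX signal 1\n\n"
                 "*** File 'config.php'\n<?php $db_pass = 'EXAMPLE-ONLY'; ?>\n")
    with open(os.path.join(root, "DEADJOE"), "w") as fh:
        fh.write("not an editor crash file\n")  # name matches, content does not
    return root


if __name__ == "__main__":
    for f in find_deadjoe(build_sample_webroot()):
        print(f"{f['path']}: buffers={f['buffers']}")
```

Running the same walk in a build or deploy step, and denying requests for `DEADJOE` at the web server, keeps a crash file from being served even if one is created later.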