漏洞描述
Karma configuration file was detected.
karma-config-js: Karma Configuration File - Detect
PoC代码[已公开]
id: karma-config-js
info:
name: Karma Configuration File - Detect
author: DhiyaneshDk
severity: medium
description: Karma configuration file was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:node.js:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: html:"karma.conf.js"
product: karma
vendor: karma_project
tags: config,exposure,devops,vuln
http:
- method: GET
path:
- "{{BaseURL}}/.config/karma.conf.js"
- "{{BaseURL}}/karma.conf.js"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "// Karma configuration"
- "module.exports"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100ed90c6d48f08f66956141f444ffc0c65409c110a4e6af4a508323794b102d08d02202a12fea3e9aeebf532aa5b2d31c86935c8fee790908f617a8d72cf6db164afdb:922c64590222798bb761d5b6d8e72950