lesshst-history: Less History - File Disclosure

Date: 2025-08-01 | Affected software: Less History | PoC: public

Vulnerability description

The LESSHST file is the Less history file. Less is a terminal pager program on Unix, Windows, and Unix-like systems used to view (but not change) the contents of a text file one screen at a time.

PoC code [public]

id: lesshst-history

info:
  name: Less History - File Disclosure
  author: kazet
  severity: low
  description: |
    LESSHST file is a Less History File. LESSHST file is a Less History File. Less is a terminal pager program on Unix, Windows, and Unix-like systems used to view (but not change) the contents of a text file one screen at a time.
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"lesshst"
  tags: misconfig,disclosure,config,files,vuln

http:
  - method: GET
    max-redirects: 1
    path:
      - "{{BaseURL}}/.lesshst"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - ".less-history-file:"

      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b136c5ea476fb7fd4eaae46bf87ff335549f89003ddb0628d0220efa196110f8022100ea7fb1cec4a2515bdded5c558a75f84365954bf9fe66418601f4c6988c672132:922c64590222798bb761d5b6d8e72950
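
The matcher logic of the template above, re-implemented as an added Python example (not part of the original template or of nuclei) so it can be tested offline against sample responses. The `Response` class, the `evaluate` function and the three sample responses are constructed for illustration, and treating `part: response` as headers plus body is an assumption.

```python
# Added example: the template's three matchers, evaluated offline.
from dataclasses import dataclass

MARKER = ".less-history-file:"  # first line of a less history file
NEGATIVE_WORDS = ["<?xml", "<env", "application/javascript", "application/json",
                  "application/xml", "html>", "text/html", "image/"]


@dataclass
class Response:  # hypothetical container, not a nuclei type
    status: int
    headers: dict
    body: str

    def raw(self) -> str:
        # Assumption: `part: response` covers the header block plus the body.
        head = "\r\n".join(f"{k}: {v}" for k, v in self.headers.items())
        return head + "\r\n\r\n" + self.body


def evaluate(resp: Response) -> dict:
    """Return each matcher's verdict and the AND-combined result."""
    raw = resp.raw()
    verdict = {
        # word matcher on the body
        "marker": MARKER in resp.body,
        # negative word matcher: passes only if none of the words appear
        "not_other_type": not any(w in raw for w in NEGATIVE_WORDS),
        # status matcher
        "status_200": resp.status == 200,
    }
    verdict["match"] = all(verdict.values())  # matchers-condition: and
    return verdict


# Constructed sample responses (not captured traffic).
EXPOSED = Response(200, {"Content-Type": "text/plain"},
                   ".less-history-file:\n.search\n\"password\n.shell\n\"ls -la\n")
# An HTML page that merely quotes the marker: rejected by the negative matcher.
SOFT_404 = Response(200, {"Content-Type": "text/html"},
                    "<html><body>No such page: .less-history-file: </body></html>")
BLOCKED = Response(403, {"Content-Type": "text/plain"}, "Forbidden")

if __name__ == "__main__":
    for name, r in [("exposed", EXPOSED), ("soft-404", SOFT_404), ("blocked", BLOCKED)]:
        print(name, evaluate(r))
```

The second sample shows why the negative matcher is there: a server that answers every path with an HTML page and status 200 would otherwise be reported whenever the marker string appears in that page.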
