makefile-exposure: Makefile - Exposure

Date: 2026-01-08 | Affected software: Makefile | PoC: Public

Vulnerability description

A Makefile configuration file was detected, potentially exposing build process details, author information, and directory structure.

PoC code [public]

id: makefile-exposure

info:
  name: Makefile - Exposure
  author: 0x_Akoko
  severity: low
  description: |
    Detected Makefile configuration file was identified, which potentially exposed build process details, author information, and directory structure
  reference:
    - https://www.gnu.org/software/make/manual/make.html
  metadata:
    verified: true
    max-request: 2
  tags: exposure,config,makefile

http:
  - method: GET
    path:
      - "{{BaseURL}}/Makefile"
      - "{{BaseURL}}/makefile"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "PHONY:", "all:", "clean:", ".SUFFIXES:", "$(MAKE)")'
          - '!contains_any(body,"<!DOCTYPE","<html","<script>")'
          - 'len(body) > 100 && len(body) < 100000'
        condition: and
# digest: 4a0a00473045022100b41059a4eb29bdfd1d74bfb905948e32ccb740dbecb9c5f25b04dead41376d6d022025ab19950117b9fc7af8ade9a0b8f4802ee002e07ed0682b5e730e97b5161e67:922c64590222798bb761d5b6d8e72950
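
The following is an added example, not part of the original template or of the nuclei project: it re-implements the template's four DSL matcher conditions in Python so their false negatives and false positives can be checked offline. The function names and all sample response bodies are constructed for illustration; it assumes ASCII bodies, where character length equals byte length.

```python
# Added example: offline re-implementation of the template's matcher logic.
# Names and sample bodies are constructed; they are not from the template.

MAKE_MARKERS = ("PHONY:", "all:", "clean:", ".SUFFIXES:", "$(MAKE)")
HTML_MARKERS = ("<!DOCTYPE", "<html", "<script>")


def failed_conditions(status_code: int, body: str) -> list:
    """Return the names of the template conditions this response fails."""
    failed = []
    if status_code != 200:
        failed.append("status_code")
    if not any(m in body for m in MAKE_MARKERS):   # case-sensitive substring
        failed.append("make_marker")
    if any(m in body for m in HTML_MARKERS):       # rejects HTML error pages
        failed.append("html_marker")
    if not (100 < len(body) < 100000):
        failed.append("length")
    return failed


def is_match(status_code: int, body: str) -> bool:
    """The template joins its conditions with 'condition: and'."""
    return not failed_conditions(status_code, body)


# Constructed sample responses (not captured from any real host).
REAL_MAKEFILE = (
    ".PHONY: all clean\n"
    "AUTHOR = build-team\n"
    "SRC_DIR = /home/builder/project/src\n"
    "all:\n\t$(MAKE) -C $(SRC_DIR) build\n"
    "clean:\n\trm -rf $(SRC_DIR)/out\n"
)
TINY_MAKEFILE = "all:\n\tcc -o app main.c\n"            # under 100 characters
SOFT_404 = ("<!DOCTYPE html><html><body>" + "Not found. " * 20
            + "See all: index</body></html>")           # HTML served with 200
NOT_A_MAKEFILE = ("tasks:\n  clean:\n    cmd: rm -rf build\n"
                  + "# padding comment line\n" * 5)     # YAML, not a Makefile

if __name__ == "__main__":
    samples = [("real", REAL_MAKEFILE), ("tiny", TINY_MAKEFILE),
               ("soft404", SOFT_404), ("yaml", NOT_A_MAKEFILE)]
    for name, body in samples:
        print(name, is_match(200, body), failed_conditions(200, body))
```

The tiny Makefile is missed because of the length bound, and the YAML sample matches because `clean:` is not unique to Makefiles, so a hit needs manual confirmation and a clean result does not prove no Makefile is served.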
