npm-log-file: Publicly accessible NPM Log file

Date: 2025-08-01 | Affected software: npm log file | PoC: public

Vulnerability description

NPM log file is exposed to external users.

PoC code [public]

id: npm-log-file

info:
  name: Publicly accessible NPM Log file
  author: sheikhrishad,DhiyaneshDk
  severity: low
  description: NPM log file is exposed to external users.
  reference:
    - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
  classification:
    cpe: cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: npmjs
    product: npm
    shodan-query: html:"npm-debug.log"
  tags: npm,logs,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/npm-debug.log"
      - "{{BaseURL}}/assets/npm-debug.log"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "info it worked if it ends with ok"

      - type: status
        status:
          - 200
# digest: 490a0046304402206b7d7e88fe100e1197f01d09ab2c57988a82ef8dbbe466d3c7ce3462f15b6cd002203280654f24c539afebee95bd0dadbb7331ba3c4e75ac3ef77ba4d804ff23bf28:922c64590222798bb761d5b6d8e72950
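
A pre-deploy check for the same condition, as an added example that is not part of the template or of the nuclei project: it walks a local web root and flags files that are named npm-debug.log or that contain the string the template's word matcher looks for. The function names, the 4096-byte read size and the sample tree are assumptions constructed for illustration.

```python
import os
import sys
import tempfile

# Same string the template's word matcher uses; it appears at the top of the log.
MARKER = b"info it worked if it ends with ok"
LOG_NAME = "npm-debug.log"
HEAD_BYTES = 4096  # assumption: reading the start of the file is enough to see the marker


def find_npm_logs(web_root):
    """Return sorted (relative_path, reason) pairs for npm debug logs under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            head = b""
            try:
                with open(full, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                pass  # unreadable here; the name check below still applies
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            if MARKER in head:
                findings.append((rel, "content"))  # also catches renamed copies
            elif name == LOG_NAME:
                findings.append((rel, "name"))
    return sorted(findings)


def build_sample_root():
    """Create a constructed sample web root (not real data) and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "assets"))
    log = b"0 info it worked if it ends with ok\n1 verbose cli [ 'node', 'npm', 'install' ]\n"
    samples = {"index.html": b"<html></html>\n", "npm-debug.log": log,
               "assets/npm-debug.log": b"", "assets/debug.txt": log}
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    hits = find_npm_logs(sys.argv[1] if len(sys.argv) > 1 else build_sample_root())
    for path, reason in hits:
        print(f"{path}\tmatched by {reason}")
    raise SystemExit(1 if hits else 0)  # non-zero exit lets a deploy pipeline stop
```

Run it with the directory that will be served as its argument; with no argument it scans the constructed sample tree.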