Vulnerability Description
Exposed Postman collection JSON files (for example postman.json or postman_collection.json served from the web root, a docs path or an API path) disclose the application's API endpoints, request structure and environment details. The files were publicly accessible without authentication and contained authentication headers and other sensitive values that had been saved into the collection.
id: postman-collection-exposure

info:
  name: Postman Collection Exposure
  author: Hamza Sahin
  severity: low
  description: |
    Detected exposed Postman collection JSON files that contained API endpoints and environment details. These files were publicly accessible and disclosed authentication headers and other sensitive information.
  reference:
    - https://medium.com/@utkarshporwal24/exposed-postman-collections-ed6086b96ba5
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"postman.json"
  tags: api,postman,exposure,discovery

http:
  - method: GET
    path:
      - "{{BaseURL}}/postman.json"
      - "{{BaseURL}}/docs/postman.json"
      - "{{BaseURL}}/api/postman.json"
      - "{{BaseURL}}/postman_collection.json"
      - "{{BaseURL}}/collections/postman.json"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?i)content-type:\s*application/(json|vnd\.postman\.[^;\s]+)'

      - type: regex
        part: body
        regex:
          - '(?i)"info"\s*:\s*\{\s*"name"\s*:\s*".+?"'

      - type: regex
        part: body
        regex:
          - '(?i)"item"\s*:\s*\['

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100dec91e5f6e6a6d5fa455b7b4bbcf3eed8f510870b9b14ccfce53f8f396574538022100a27f23002e14664a973f4250782f204dbf0f1ca5dd337f4fb03404b57c4307db:922c64590222798bb761d5b6d8e72950
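The template only confirms that a collection-shaped JSON file is reachable; the actual impact is decided by what is inside it. The following Python script is an added example written by the editor, not code from the template, its author or the nuclei project. It replicates the template's two body matchers, applies a structural check that does not depend on key order inside "info", and then enumerates the literal credentials a collection leaks: collection- and request-level auth blocks, credential-like variables, and Authorization-style headers. Values that are only Postman placeholders such as {{token}} are skipped, because they reference an environment that may not itself be exposed. The sample response body is constructed, and the header-name and variable-name lists are assumptions, not part of the template. One caveat the sample also reproduces: exported collections commonly place "_postman_id" before "name" inside "info", which the template's first body regex does not match, so a structural check is worth running on every JSON file the scan returns.

```python
import json
import re

# The two body matchers copied from the nuclei template above.
INFO_NAME_RE = re.compile(r'(?i)"info"\s*:\s*\{\s*"name"\s*:\s*".+?"')
ITEM_RE = re.compile(r'(?i)"item"\s*:\s*\[')
# A value that is only a Postman variable reference ({{token}}) is not a literal secret.
PLACEHOLDER_RE = re.compile(r'^\s*\{\{[^}]+\}\}\s*$')
# Variable names that usually hold credentials (assumed list, not from the template).
SECRET_KEY_RE = re.compile(r'(?i)(token|key|secret|passw|auth|credential)')
# Request headers that carry credentials (assumed list, not from the template).
SENSITIVE_HEADERS = {"authorization", "x-api-key", "x-auth-token", "cookie", "proxy-authorization"}

def template_regex_matches(body: str) -> bool:
    """Replicates the template's two body matchers joined by matchers-condition: and."""
    return bool(INFO_NAME_RE.search(body)) and bool(ITEM_RE.search(body))

def looks_like_postman_collection(doc) -> bool:
    """Structural check: works whatever the key order inside "info"."""
    if not isinstance(doc, dict):
        return False
    info = doc.get("info")
    return (isinstance(info, dict) and isinstance(info.get("name"), str)
            and isinstance(doc.get("item"), list))

def is_literal_secret(value) -> bool:
    return isinstance(value, str) and value.strip() != "" and not PLACEHOLDER_RE.match(value)

def findings_from_auth(auth, where):
    """Postman auth block shape: {"type": "bearer", "bearer": [{"key": "token", "value": ...}]}."""
    out = []
    if not isinstance(auth, dict):
        return out
    kind = auth.get("type")
    params = auth.get(kind) if isinstance(kind, str) else None
    for entry in params if isinstance(params, list) else []:
        if isinstance(entry, dict) and is_literal_secret(entry.get("value")):
            out.append((where, f"auth.{kind}.{entry.get('key')}", entry["value"]))
    return out

def iter_requests(items, prefix=""):
    """Walk folders recursively, yielding (path, request) pairs."""
    for it in items:
        if not isinstance(it, dict):
            continue
        name = str(it.get("name", "?"))
        path = f"{prefix}/{name}" if prefix else name
        if isinstance(it.get("item"), list):
            yield from iter_requests(it["item"], path)
        elif isinstance(it.get("request"), dict):
            yield path, it["request"]

def find_exposed_secrets(doc):
    """Return (location, field, value) for every literal credential in the collection."""
    findings = findings_from_auth(doc.get("auth"), "collection")
    for var in doc.get("variable") or []:
        if not isinstance(var, dict):
            continue
        key = str(var.get("key", ""))
        if SECRET_KEY_RE.search(key) and is_literal_secret(var.get("value")):
            findings.append(("collection", f"variable.{key}", var["value"]))
    for path, req in iter_requests(doc.get("item", [])):
        findings += findings_from_auth(req.get("auth"), path)
        for hdr in req.get("header") or []:
            if not isinstance(hdr, dict):
                continue
            key = str(hdr.get("key", ""))
            if key.lower() in SENSITIVE_HEADERS and is_literal_secret(hdr.get("value")):
                findings.append((path, f"header.{key}", hdr["value"]))
    return findings

def scan_body(body: str) -> dict:
    """Run the template's regex check, the structural check and secret enumeration on one body."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    is_coll = looks_like_postman_collection(doc)
    return {"regex_match": template_regex_matches(body), "is_collection": is_coll,
            "findings": find_exposed_secrets(doc) if is_coll else []}

# Constructed sample response body (not a real collection); "_postman_id" precedes "name".
SAMPLE_BODY = """{
  "info": {"_postman_id": "00000000-0000-4000-8000-000000000000", "name": "Example API",
           "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
  "auth": {"type": "bearer",
           "bearer": [{"key": "token", "value": "eyJhbGciOiJIUzI1NiJ9.example", "type": "string"}]},
  "variable": [{"key": "baseUrl", "value": "https://api.example.com"},
               {"key": "api_key", "value": "sk_live_constructed_example"}],
  "item": [
    {"name": "Users", "item": [
      {"name": "List users", "request": {"method": "GET", "url": "{{baseUrl}}/users",
        "header": [{"key": "Authorization", "value": "Basic YWRtaW46cGFzc3dvcmQ="}]}}]},
    {"name": "Health", "request": {"method": "GET", "url": "{{baseUrl}}/health",
        "header": [{"key": "X-API-Key", "value": "{{api_key}}"}]}}
  ]
}"""

if __name__ == "__main__":
    result = scan_body(SAMPLE_BODY)
    print("template body regex matched:", result["regex_match"])
    print("structurally a collection:", result["is_collection"])
    for where, field, value in result["findings"]:
        print(f"  [{where}] {field} = {value}")
```

Run it against the body returned for any of the template's paths. On the constructed sample the template's body regex does not match (the "_postman_id" key comes first), the structural check does, and three literal credentials are reported: the collection-level bearer token, the api_key variable, and the Basic Authorization header on List users; the X-API-Key header on Health is a placeholder and is not reported.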