production-log: Production Log File Disclosure

Date: 2025-08-01 | Affected software: production-log | PoC: public

Vulnerability description

Production log file was exposed.

PoC code [public]

id: production-log

info:
  name: Production Log File Disclosure
  author: geeknik
  severity: low
  description: Production log file was exposed.
  metadata:
    verified: true
    max-request: 3
    github-query: filename:production.log Connecting to database specified by database.yml
  tags: exposure,files,logs,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/log/production.log'
      - '{{BaseURL}}/logs/production.log'
      - '{{BaseURL}}/production.log'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Connecting to database specified by database.yml'

      - type: word
        part: header
        words:
          - 'text/html'
        negative: true

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a09bf73323056de07390be1e34a353b40a86b2a03a86f2799a40ae0fe5e9cf350220412dab6d06a8521fa14aa6531ca92ba4a6fcc6b84434c89bda9424ffe66d3a91:922c64590222798bb761d5b6d8e72950