razorpay-clientid-disclosure: Razorpay Client ID Disclosure

日期: 2025-08-01 | 影响软件: razorpay client id disclosure | POC: 已公开

漏洞描述

Razorpay Client ID is exposed to external users.

PoC代码[已公开]

id: razorpay-clientid-disclosure

info:
  name: Razorpay Client ID Disclosure
  author: Devang-Solanki
  severity: high
  description: Razorpay Client ID is exposed to external users.
  reference:
    - https://github.com/streaak/keyhacks#Razorpay-keys
    - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey
  metadata:
    max-request: 1
  tags: exposure,token,razorpay

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "rzp_(live|test)_.{14}"
# digest: 490a0046304402200985ddf88b4b3c1ff9c201ab15d71b51be619deacdee079e742dc9f4edae146802201dd2bf6da75d00dceadd3768577526f57124b6c2f4a780198f54504510da279a:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/exposures/tokens/razorpay/razorpay-clientid-disclosure.yaml