razorpay-clientid-disclosure: Razorpay Client ID Disclosure

漏洞描述

PoC代码[已公开]

id: razorpay-clientid-disclosure

info:
  name: Razorpay Client ID Disclosure
  author: Devang-Solanki
  severity: high
  description: Razorpay Client ID is exposed to external users.
  reference:
    - https://github.com/streaak/keyhacks#Razorpay-keys
    - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey
  metadata:
    max-request: 1
  tags: exposure,token,razorpay,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "rzp_(live|test)_.{14}"
# digest: 4a0a00473045022014c9d639a604746aa4986039be7a88d4d2274c5ad7adce6437e2edaf4e132e70022100906e717aa58185baadac94c93c0b7aca4650d76f4cc7c7f04ef345881205571e:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 深圳市易宇通科技有限公司kingtrans物流管理系统ClientInfo serialids参数存在SQL注入漏洞
• 深圳市易宇通科技有限公司kingtrans物流管理系统WeChatServlet clientid参数存在SQL注入漏洞
• 孚盟云系统 /PagePopWindow/lkpClientsCust.aspx SQL 注入漏洞
• （CVE-2023-53879）NVClient 5.0用户配置联系人字段栈溢出漏洞导致拒绝服务
• POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
• POC CVE-2024-31223: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
• POC CVE-2025-55749: XWiki - Information Disclosure
• POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
• POC wp-easy-google-fonts-log-disclosure: WordPress Easy Google Fonts - Error Log Disclosure
• POC wp-importer-log-disclosure: WordPress Importer - Error Log Disclosure
• POC buildpath-file-disclosure: .buildpath - File Disclosure
• POC sharepoint-lists-api-disclosure: Microsoft SharePoint - List API Disclosure
• POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure