reactapp-env-js: React App Environment Js

日期: 2025-08-01 | 影响软件: reactapp | POC: 已公开

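漏洞描述

该模板检测 React 应用是否在 /env.js、/config.js、/config/env.js 或 /config/runtime-env.js 下公开了包含 REACT_APP_ 前缀变量的配置脚本。此类脚本对所有访问者可读，因此其中不应包含密钥、令牌等敏感值；命中后需人工核查变量内容以判定实际影响。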

PoC代码[已公开]

# Nuclei HTTP template: reports a web application that serves an
# environment/config script containing REACT_APP_-prefixed variable names.
id: reactapp-env-js

info:
  name: React App Environment Js
  author: random-robbie,rinolock
  # Severity is left as unknown: a match only shows that the file is reachable
  # and mentions REACT_APP_ names. The real impact depends on the values it
  # holds, so each hit needs manual triage (look for keys, tokens, internal
  # endpoints) before it is rated.
  severity: unknown
  metadata:
    verified: true
    # One request per entry in the path list below.
    max-request: 4
    github-query: "REACT_APP_"
  tags: react,exposure,config,js,javascript,vuln

http:
  - method: GET
    # Candidate locations of the script, relative to the target's base URL.
    path:
      - "{{BaseURL}}/env.js"
      - "{{BaseURL}}/config.js"
      - "{{BaseURL}}/config/env.js"
      - "{{BaseURL}}/config/runtime-env.js"

    # Do not request the remaining paths once one response has matched.
    stop-at-first-match: true
    # Every matcher below must hold for a response to be reported.
    matchers-condition: and
    matchers:
      # The body must contain the variable-name prefix. This is a plain
      # substring check: it cannot tell a secret from a harmless setting, and
      # any JavaScript that merely mentions the prefix also satisfies it.
      - type: word
        part: body
        words:
          - "REACT_APP_"

      # At least one of these content types must appear in the response
      # headers. The words are searched in the header block as a whole, not
      # only in Content-Type. text/html is not listed, presumably so that HTML
      # fallback/error pages are not reported; confirm the intent.
      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "application/javascript"
          - "text/plain"
        condition: or

      # Only successful responses count.
      - type: status
        status:
          - 200
# NOTE(review): the digest below is a signature over the template text; any
# edit to this file (comments included) presumably requires re-signing.
# Confirm against the project's signing workflow.
# digest: 4b0a0048304602210088ec304914d1e231abfb4c4568da9db3e64e3cab9184bc3d969ac6df676bc77402210080b7068a49587b375d030b400f5ddd23f7a434b378900124d862c737d932c516:922c64590222798bb761d5b6d8e72950