tugboat-config-exposure: Tugboat Configuration File Exposure

Date: 2025-08-01 | Affected software: Tugboat | PoC: public

Vulnerability description

A Tugboat configuration file was discovered. Tugboat is a command line tool for interacting with DigitalOcean droplets.

PoC code [public]

id: tugboat-config-exposure

info:
  name: Tugboat Configuration File Exposure
  author: geeknik
  severity: critical
  description: A Tugboat configuration file was discovered. Tugboat is a command line tool for interacting with DigitalOcean droplets.
  reference:
    - https://github.com/petems/tugboat
    - https://www.digitalocean.com/community/tools/tugboat
  metadata:
    max-request: 1
  tags: tugboat,config,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.tugboat"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "authentication"
          - "access_token"
          - "ssh_user"
        condition: and

    extractors:
      - type: regex
        part: body
        regex:
          - 'access_token: .*'
# digest: 490a004630440220650e165c38f0c84b126f786c6d83a1654e3bdbeb1047b53b92fbd8002861a59902201207b06d0b987759234148bcf2240497bc2872f1fcd550d0cc32fd0b970513fd:922c64590222798bb761d5b6d8e72950
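
Added example (not part of the template or of the Tugboat project): a pre-deployment check that applies the template's three word matchers to files on disk, so a .tugboat file is caught in a web root before it is ever served. The sample file content, directory names and function names are constructed for illustration, and the file layout is an assumption.

```python
import os
import re
import tempfile

# The three words the template's word matcher requires (condition: and).
REQUIRED_WORDS = ("authentication", "access_token", "ssh_user")
TOKEN_RE = re.compile(r"(access_token:\s*)(\S+)")
# Constructed sample; the layout is assumed and the token is a placeholder.
SAMPLE = (
    "---\n"
    "authentication:\n"
    "  access_token: EXAMPLE_PLACEHOLDER_TOKEN\n"
    "ssh:\n"
    "  ssh_user: root\n"
)

def matches_template(body):
    """True when the body contains every word the template matches on."""
    return all(word in body for word in REQUIRED_WORDS)

def redact(body):
    """Mask token values so a finding can be logged without leaking it."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "<redacted>", body)

def scan_webroot(root):
    """Return relative paths of .tugboat files under root that would match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".tugboat" not in files:
            continue
        path = os.path.join(dirpath, ".tugboat")
        with open(path, encoding="utf-8", errors="replace") as fh:
            if matches_template(fh.read()):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo():
    """Build a throwaway web root with one leaked file and one harmless one."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "site", "docs"))
        with open(os.path.join(root, "site", ".tugboat"), "w") as fh:
            fh.write(SAMPLE)
        with open(os.path.join(root, "site", "docs", ".tugboat"), "w") as fh:
            fh.write("notes about tugboat, no credentials here\n")
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
    print(redact(SAMPLE))
```

Any path this reports should be removed from the deployed tree and the token it contains rotated, since the file may already have been fetched.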