Vulnerability Description
Detected the exposure of the MiniProfiler debugging interface in Umbraco CMS. When exposed, it can reveal sensitive information including SQL queries, execution times, stack traces, and internal application details.
id: umbraco-miniprofiler-exposure

info:
  name: Umbraco Mini Profiler - Exposure
  author: theamanrawat
  severity: low
  description: |
    Detected the exposure of the MiniProfiler debugging interface in Umbraco CMS. When exposed, it can reveal sensitive information including SQL queries, execution times, stack traces, and internal application details.
  reference:
    - https://miniprofiler.com/
    - https://umbraco.com/
  metadata:
    shodan-query: http.title:"Umbraco"
    fofa-query: title="Umbraco"
  tags: umbraco,miniprofiler,exposure,debug,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/mini-profiler-resources/results"
      - "{{BaseURL}}/umbraco/mini-profiler-resources/results"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "StartupProfiler"
          - "var profiler ="
          - '"DurationMilliseconds"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022063ffeaf43e6d2a4da2b987048d20eb293ce80f24c0e877bf9790b364c277df73022100e03e71beb6e0cb26ae0df343574a1166766e6929411b89df6bea6d7cd4162959:922c64590222798bb761d5b6d8e72950
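
An added example (not part of the template or of the nuclei project): the template's matcher logic re-implemented in Python and run over constructed responses, to show why a 200 status alone, or only one of the keywords, does not produce a finding. The Response class, the helper names and the sample bodies are assumptions made for illustration.

```python
# Added example: offline re-implementation of the template's matcher logic,
# useful for checking saved responses from your own deployment.
from dataclasses import dataclass

# Paths and words copied from the template above.
PATHS = ("/mini-profiler-resources/results",
         "/umbraco/mini-profiler-resources/results")
WORDS = ("StartupProfiler", "var profiler =", '"DurationMilliseconds"')


@dataclass
class Response:  # hypothetical container for a saved HTTP response
    path: str
    status: int
    body: str


def matches(resp: Response) -> bool:
    """matchers-condition: and -> status 200 AND every word present in the body."""
    return resp.status == 200 and all(w in resp.body for w in WORDS)


def first_match(responses):
    """stop-at-first-match: try the template's paths in order, return the first hit."""
    by_path = {r.path: r for r in responses}
    for path in PATHS:
        resp = by_path.get(path)
        if resp is not None and matches(resp):
            return path
    return None


# Constructed sample responses (not captured from any real site).
EXPOSED = Response(PATHS[1], 200,
                   '<script>var profiler = {"Name":"StartupProfiler",'
                   '"DurationMilliseconds":12.3};</script>')
SOFT_404 = Response(PATHS[0], 200, "<title>Umbraco</title><h1>Page not found</h1>")
DENIED = Response(PATHS[1], 401, EXPOSED.body)      # right body, wrong status
PARTIAL = Response(PATHS[0], 200, 'var profiler = {"Name":"request"};')

if __name__ == "__main__":
    for name, r in [("exposed", EXPOSED), ("soft-404", SOFT_404),
                    ("denied", DENIED), ("partial", PARTIAL)]:
        print(f"{name:9} {r.path:45} match={matches(r)}")
```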