vercel-source-exposure: Vercel Source Code Exposure

Date: 2025-08-01 | Affected software: Vercel | PoC: public

Vulnerability description

The Vercel Source Code Exposure misconfiguration allows an attacker to access sensitive source code files on the Vercel platform.

PoC code [public]

id: vercel-source-exposure

info:
  name: Vercel Source Code Exposure
  author: hlop
  severity: medium
  description: |
    The Vercel Source Code Exposure misconfiguration allows an attacker to access sensitive source code files on the Vercel platform.
  reference:
    - https://vercel.com/docs/projects/overview#logs-and-source-protection
  metadata:
    max-request: 1
    fofa-query: cname_domain="vercel.app" || icon_hash="-2070047203"
  tags: vercel,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/_src"

    redirects: true
    max-redirects: 3

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Deployment Source</title>"
          - "Deployment Source – Dashboard – Vercel"
        condition: or

      - type: word
        part: body
        words:
          - "<title>Login – Vercel</title>"
        negative: true
# digest: 4b0a00483046022100b513f8617c79e4f1be32b8e2cd6a8bf5f90e066e14d8eba34c817b435a504aad022100c7991a51403dbb2f9eeff3e117315fdea7b1a6a2e1e49190d1764bff40c8a529:922c64590222798bb761d5b6d8e72950
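
The matcher logic of the template above, as an added example that is not part of the original template: the Python below applies the same two word matchers to `/_src` response bodies already fetched from your own deployments, and separates an exposed source viewer from a login page. The hostnames and HTML bodies are constructed samples, and `classify`, `audit` and `Finding` are hypothetical names.

```python
# Added example: offline evaluation of the template's two word matchers.
from typing import NamedTuple

# Marker strings copied from the template above.
SOURCE_MARKERS = (
    "Deployment Source</title>",
    "Deployment Source – Dashboard – Vercel",
)
LOGIN_MARKER = "<title>Login – Vercel</title>"


class Finding(NamedTuple):
    url: str
    status: str  # "exposed", "protected" or "no-match"


def classify(body: str) -> str:
    """Mirror matchers-condition: and (source title present AND login title absent)."""
    if LOGIN_MARKER in body:                    # negative matcher fails: login page served
        return "protected"
    if any(m in body for m in SOURCE_MARKERS):  # condition: or
        return "exposed"
    return "no-match"


def audit(responses: dict[str, str]) -> list[Finding]:
    """Classify already-fetched /_src bodies; exposed deployments sort first."""
    order = {"exposed": 0, "no-match": 1, "protected": 2}
    findings = [Finding(url, classify(body)) for url, body in responses.items()]
    return sorted(findings, key=lambda f: (order[f.status], f.url))


# Constructed sample bodies (not captured from real deployments).
SAMPLE_RESPONSES = {
    "https://app-a.example.invalid/_src":
        "<html><head><title>app-a – Deployment Source</title></head></html>",
    "https://app-b.example.invalid/_src":
        "<html><head><title>Login – Vercel</title></head></html>",
    "https://app-c.example.invalid/_src":
        "<html><head><title>404: NOT_FOUND</title></head></html>",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(f"{finding.status:10} {finding.url}")
```

A deployment classified as `exposed` is one to review against the source protection setting described at the reference URL in the template.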
