Visual Studio Code and Visual Studio may create slnx.sqlite database files that contain solution metadata, project information, and potentially sensitive configuration data. If these files are accessible on a web server, they can expose internal project structure and development environment details.
PoC code [public]
id: vscode-slnx-sqlite-disclosure

info:
  name: Visual Studio Code - Slnx.SQLite File Disclosure
  author: ritikchaddha
  severity: high
  description: |
    Visual Studio Code and Visual Studio may create slnx.sqlite database files that contain solution metadata, project information, and potentially sensitive configuration data. If these files are accessible on a web server, they can expose internal project structure and development environment details.
  metadata:
    max-request: 2
    verified: true
    fofa-query: title="Visual Studio Code"
  tags: vscode,visual-studio,sqlite,disclosure,exposure,file

http:
  - method: GET
    path:
      - "{{BaseURL}}/slnx.sqlite"
      - "{{BaseURL}}/.vs/slnx.sqlite"

    redirects: true
    stop-at-first-match: false

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "SQLite format", "TABLE", "UPDATE")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502205820a233a73c90310ead0218e59e872d0ac7de13064351153cd5a8b551123e88022100d7e9f673faa55e1d164a409bf32d18f624cb1c7b919b0b147d6a6c1dfe11c4d2:922c64590222798bb761d5b6d8e72950
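
The exposure described above can also be caught on the deployment side, before the web root is published. The following is an added example, not part of the original template or its project: it walks a local web root and reports any slnx.sqlite that carries a real SQLite header, plus any other file inside a .vs directory. The function names, finding labels and the sample tree are assumptions constructed for illustration.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite 3 file
TARGET_NAME = "slnx.sqlite"             # file name probed by the template

def is_sqlite(path):
    """True if the file starts with the SQLite 3 header magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False

def audit_webroot(webroot):
    """Return sorted (url_path, kind) findings for files that would be served.

    Flags slnx.sqlite files with a valid SQLite header and any other file in .vs/.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        in_vs = ".vs" in parts
        for name in filenames:
            full = os.path.join(dirpath, name)
            url = "/" + "/".join(parts + [name])
            if name.lower() == TARGET_NAME and is_sqlite(full):
                findings.append((url, "sqlite-database"))
            elif in_vs:
                findings.append((url, "vs-working-dir"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree: one real SQLite file in .vs, one same-named decoy."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".vs"))
    os.makedirs(os.path.join(root, "static"))
    con = sqlite3.connect(os.path.join(root, ".vs", "slnx.sqlite"))
    con.execute("CREATE TABLE sample (k TEXT, v TEXT)")  # constructed, not the real schema
    con.commit()
    con.close()
    with open(os.path.join(root, "static", "slnx.sqlite"), "w") as fh:
        fh.write("not a database")   # right name, wrong content: must not be flagged
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>ok</h1>")
    return root

if __name__ == "__main__":
    for url, kind in audit_webroot(build_sample_root()):
        print(f"{kind:16} {url}")
```

Run as a build or release step against the directory that will be published; a non-empty result means the .vs directory or the database should be excluded from the deployment artifact.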