wpconfig-aws-keys: AWS S3 keys Leak

日期: 2025-08-01 | 影响软件: wpconfig-aws-keys | POC: 已公开

漏洞描述

AWS S3 keys are exposed.

PoC代码[已公开]

id: wpconfig-aws-keys

info:
  name: AWS S3 keys Leak
  author: r12w4n
  severity: high
  description: AWS S3 keys are exposed.
  metadata:
    max-request: 2
  tags: aws,s3,wordpress,disclosure,exposure,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-config.php-backup'
      - "{{BaseURL}}/%c0"

    matchers:
      - type: word
        words:
          - 'access-key-id'
          - 'secret-access-key'
          - 'DB_NAME'
          - 'DB_PASSWORD'
        condition: and
        part: body
# digest: 4b0a00483046022100d6f5cd69127f77da5d4f14355aea61fb8d15b8468991c5c797257ab4ea20d8910221008a7a537b042f322ae87b3a4533b380b4a486285ec9bba49ffa8dd1d074b299ea:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/wpconfig-aws-keys.yaml