Merge pull request #14526 from projectdiscovery/vscode-slnx-sqlite-disclosure

Create vscode-slnx-sqlite-disclosure.yaml
2026-01-31 15:53:33 +08:00 · 2025-12-23 02:00:54 +05:30
parent df4303f630 d14e9c952f
commit 4c03f78b62
1 changed files with 29 additions and 0 deletions
--- a/http/misconfiguration/vscode-slnx-sqlite-disclosure.yaml
+++ b/http/misconfiguration/vscode-slnx-sqlite-disclosure.yaml
@@ -0,0 +1,29 @@
+id: vscode-slnx-sqlite-disclosure
+
+info:
+  name: Visual Studio Code - Slnx.SQLite File Disclosure
+  author: ritikchaddha
+  severity: high
+  description: |
+    Visual Studio Code and Visual Studio may create slnx.sqlite database files that contain solution metadata, project information, and potentially sensitive configuration data. If these files are accessible on a web server, they can expose internal project structure and development environment details.
+  metadata:
+    max-request: 2
+    verified: true
+    fofa-query: title="Visual Studio Code"
+  tags: vscode,visual-studio,sqlite,disclosure,exposure,file
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/slnx.sqlite"
+      - "{{BaseURL}}/.vs/slnx.sqlite"
+
+    redirects: true
+    stop-at-first-match: false
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body, "SQLite format", "TABLE", "UPDATE")'
+          - 'status_code == 200'
+        condition: and