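# Nuclei HTTP template: reports an ImageResizer diagnostics page that is
# reachable without authentication. Structure restored from a flattened
# listing (indentation re-applied, stray "|" gutter cells dropped).
id: imageresizer-debug-exposure

info:
  name: ImageResizer Debug - Information Exposure
  author: ritikchaddha
  severity: low
  description: The ImageResizer debug endpoint exposes sensitive server configuration and path information.
  # Added in review: the template named the exposure but gave the operator
  # no fix. The reference below covers hiding the page.
  remediation: |
    Do not serve the ImageResizer diagnostics page to remote clients. Limit the
    diagnostics plugin to local requests or turn it off (the enableFor setting
    of the <diagnostics> element in the resizer configuration accepts Localhost
    or None), or deny the two paths at the web server or reverse proxy.
  reference:
    - https://world.optimizely.com/blogs/Eric-Pettersson/Dates/2016/4/hide-resizer-debug-ashx-from-your-website/
  metadata:
    verified: true
    # One request per entry under http.path.
    max-request: 2
    fofa-query: title="ImageResizer"
  tags: exposure,debug,imageresizer,config

http:
  - method: GET
    # Both spellings of the diagnostics path are tried, in this order.
    path:
      - "{{BaseURL}}/resizer.debug.ashx"
      - "{{BaseURL}}/resizer.debug"

    # The second path is skipped once the first one matches.
    stop-at-first-match: true
    # A finding needs the word matcher AND the status matcher to hold.
    matchers-condition: and
    matchers:
      # All four strings must be present in the response body, so a page that
      # merely mentions ImageResizer is not reported.
      - type: word
        part: body
        words:
          - "ImageResizer."
          - "Diagnostics"
          - "Configuration:"
          - "Registered plugins:"
        condition: and

      # Only a 200 counts; redirects and error pages are not reported.
      - type: status
        status:
          - 200
# NOTE(review): the digest below is the upstream signature for the upstream
# file. This copy adds comments and a remediation field, so the digest
# presumably no longer verifies; re-sign the template before relying on it.
# digest: 490a00463044022010d4c3a915ec3ef4f0c0b4b16ae983564be5bf48191c1c50274f7fecced8cafb022010607a1eb2310efc80d684549c5fc4b65dd59eb2d57417cca7a225b0fa46d763:922c64590222798bb761d5b6d8e72950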