admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
k8x-opencode
nuclei-templates/http/misconfiguration/vercel-source-exposure.yaml
ghost 3c29bfc0cb chore: sign templates 🤖
2025-10-26 16:17:37 +00:00

38 lines
1.1 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: vercel-source-exposure
info:
name: Vercel Source Code Exposure
author: hlop
severity: medium
description: |
The Vercel Source Code Exposure misconfiguration allows an attacker to access sensitive source code files on the Vercel platform.
reference:
- https://vercel.com/docs/projects/overview#logs-and-source-protection
metadata:
max-request: 1
fofa-query: cname_domain="vercel.app" || icon_hash="-2070047203"
tags: vercel,exposure,misconfig,vuln
http:
- method: GET
path:
- "{{BaseURL}}/_src"
redirects: true
max-redirects: 3
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Deployment Source</title>"
- "Deployment Source Dashboard Vercel"
condition: or
- type: word
part: body
words:
- "<title>Login Vercel</title>"
negative: true
# digest: 4b0a00483046022100b513f8617c79e4f1be32b8e2cd6a8bf5f90e066e14d8eba34c817b435a504aad022100c7991a51403dbb2f9eeff3e117315fdea7b1a6a2e1e49190d1764bff40c8a529:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink