mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-09 12:13:30 +08:00
39 lines
1.2 KiB
YAML
39 lines
1.2 KiB
YAML
id: vscode-launch
|
|
|
|
info:
|
|
name: Visual Studio Code launch.json Exposure
|
|
author: DhiyaneshDK
|
|
severity: low
|
|
description: |
|
|
The .vscode/launch.json file, used by Visual Studio Code for debugging configurations, is publicly accessible. This file often contains sensitive information such as local file paths, runtime arguments, environment variables, and sometimes hardcoded credentials or access tokens.
|
|
reference:
|
|
- https://code.visualstudio.com/docs/editor/debugging
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: title:"index" html:".vscode"
|
|
tags: vscode,files,debug,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/.vscode/launch.json"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"version":'
|
|
- '"configurations":'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: content_type
|
|
words:
|
|
- 'application/json'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100a98a80e76ba47e4240857ae36e7fe762d9265eff95ba73370786b7d4d08319dc02201423183c03e993256ee9bbadce14d95a563318c9eafd3399de475123a9c35d2a:922c64590222798bb761d5b6d8e72950 |