nuclei-templates/http/vulnerabilities/tongda/tongda-session-disclosure.yaml

37 lines
902 B
YAML
Raw Permalink Normal View History

id: tongda-session-disclosure
info:
name: Tongda User Session Disclosure
author: ritikchaddha
severity: medium
2024-01-02 15:45:12 +00:00
description: Tongda User session exposed.
reference:
- https://mp.weixin.qq.com/s/llyGEBRo0t-C7xOLMDYfFQ
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: tongda,disclosure
http:
- method: POST
path:
- "{{BaseURL}}/general/userinfo.php?UID=1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"dept_name":"'
- '"online_flag":'
condition: and
- type: word
part: header
words:
- "application/json"
condition: and
- type: status
status:
- 200
# digest: 490a00463044022017c26d6398e65426bb361913d4872533cfb7f5197d2f6e68f0cc8d11f7e7e644022001534ce79ceda586f4e7ec5ced94f698558789b24e8b5df57e0c7480e9ac5916:922c64590222798bb761d5b6d8e72950