nuclei-templates/http/vulnerabilities/tongda/tongda-meeting-unauth.yaml

30 lines
1.1 KiB
YAML
Raw Normal View History

2023-09-06 19:45:50 +00:00
id: tongda-meeting-unauth
info:
name: Tongda OA Meeting - Unauthorized Access
author: SleepingBag945
severity: medium
description: |
2023-09-14 19:11:38 +00:00
Tongda Meeting Unauthorized Access were Detected.
2023-09-06 19:45:50 +00:00
reference:
2023-09-14 19:11:38 +00:00
- https://github.com/hktalent/scan4all/blob/2a7faf7862265eab33699034fd193bcf11b44e0f/config/poc/%E9%80%9A%E8%BE%BEoa/%E9%80%9A%E8%BE%BEoa-meeting-unauthorized-access.json#L10
2023-09-06 19:45:50 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2023-09-14 19:11:38 +00:00
fofa-query: app="TDXK-通达OA"
2023-09-06 19:45:50 +00:00
tags: tongda,unauth,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay"
matchers:
2023-09-14 19:11:38 +00:00
- type: dsl
dsl:
- status_code == 200 && contains(header, 'application/json')
- contains_all(body, 'creator\":', 'originalTitle\":', 'view\":', 'type\":')
2023-10-14 11:27:55 +00:00
condition: and
# digest: 4a0a00473045022029eb9d9d545baec4d0f578a10dc5d80bec85c87e3f1cf9ba17933bd242cbb164022100d83d82f1c8bde2f33f1bc331ba22cd156b9984612a602d9e47e5599a498f3dbd:922c64590222798bb761d5b6d8e72950