Update oa-tongda-path-traversal.yaml

2022-05-31 14:51:16 +05:30 · 2022-05-31 14:51:16 +05:30 · c4aec5a0d1
parent 683b511766
commit c4aec5a0d1
1 changed files with 10 additions and 7 deletions
--- a/vulnerabilities/other/oa-tongda-path-traversal.yaml
+++ b/vulnerabilities/other/oa-tongda-path-traversal.yaml
@ -4,7 +4,8 @@ info:
  name: Office Anywhere TongDa - Path Traversal
  author: pikpikcu
  severity: critical
-  description: Office Anywhere (OA) is susceptible to path traversal vulnerabilities which can be leveraged to perform remote code execution.
+  description: |
+    Office Anywhere (OA) is susceptible to path traversal vulnerabilities which can be leveraged to perform remote code execution.
  reference:
    - https://github.com/jas502n/OA-tongda-RCE
  classification:
@ -25,17 +26,19 @@ requests:

    matchers-condition: and
    matchers:
+
      - type: word
-        words:
-          - "text/html"
-        part: header
-        condition: and
-      - type: word
+        part: body
        words:
          - "[mysql]"
          - "password="
-        part: body
        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
      - type: status
        status:
          - 200