nuclei-templates/http/default-logins/magnolia-default-login.yaml

id: magnolia-default-login

info:
  name: Magnolia Default Login
  author: pussycat0x
  severity: high
  description: Mangnolia CMS default credentials were discovered.
  reference:
    - https://www.magnolia-cms.com/
  metadata:
    verified: "true"
    shodan-query: html:"Magnolia is a registered trademark"
  tags: magnolia,default-login

http:
  - raw:

      - |
        GET /.magnolia/admincentral HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /.magnolia/admincentral HTTP/1.1
        Host: {{Hostname}}
        Cookie: csrf={{csrf}};JSESSIONID={{session}}
        Content-Type: application/x-www-form-urlencoded
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}/.magnolia/admincentral

        mgnlUserId={{username}}&mgnlUserPSWD={{password}}&csrf={{csrf}}

      - |
        GET /.magnolia/admincentral/PUSH?v-uiId=1 HTTP/1.1
        Host: {{Hostname}}
        Cookie: csrf={{csrf}}; JSESSIONID={{session}}

    payloads:
      username:
        - superuser
      password:
        - superuser
    attack: pitchfork

    extractors:
      - type: kval
        name: csrf
        part: header
        internal: true
        kval:
          - csrf

      - type: kval
        name: session
        internal: true
        part: header
        kval:
          - JSESSIONID

    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          - '"changes":'
          - '"resources":'
        condition: and

      - type: word
        part: header_3
        words:
          - 'application/json'

      - type: status
        status:
          - 200
Magnolia Default Login 2023-03-15 12:54:11 +00:00			`id: magnolia-default-login`

			`info:`
			`name: Magnolia Default Login`
			`author: pussycat0x`
			`severity: high`
			`description: Mangnolia CMS default credentials were discovered.`
			`reference:`
			`- https://www.magnolia-cms.com/`
			`metadata:`
			`verified: "true"`
added condition: and & additional matcher and content-type fix 2023-03-16 02:07:04 +00:00			`shodan-query: html:"Magnolia is a registered trademark"`
Magnolia Default Login 2023-03-15 12:54:11 +00:00			`tags: magnolia,default-login`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Magnolia Default Login 2023-03-15 12:54:11 +00:00			`- raw:`

			`- \|`
			`GET /.magnolia/admincentral HTTP/1.1`
			`Host: {{Hostname}}`

			`- \|`
			`POST /.magnolia/admincentral HTTP/1.1`
			`Host: {{Hostname}}`
			`Cookie: csrf={{csrf}};JSESSIONID={{session}}`
			`Content-Type: application/x-www-form-urlencoded`
			`Origin: {{BaseURL}}`
			`Referer: {{BaseURL}}/.magnolia/admincentral`

			`mgnlUserId={{username}}&mgnlUserPSWD={{password}}&csrf={{csrf}}`

			`- \|`
			`GET /.magnolia/admincentral/PUSH?v-uiId=1 HTTP/1.1`
			`Host: {{Hostname}}`
			`Cookie: csrf={{csrf}}; JSESSIONID={{session}}`

			`payloads:`
			`username:`
			`- superuser`
			`password:`
			`- superuser`
			`attack: pitchfork`

			`extractors:`
			`- type: kval`
			`name: csrf`
			`part: header`
			`internal: true`
			`kval:`
			`- csrf`

			`- type: kval`
			`name: session`
			`internal: true`
			`part: header`
			`kval:`
			`- JSESSIONID`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body_3`
			`words:`
added condition: and & additional matcher and content-type fix 2023-03-16 02:07:04 +00:00			`- '"changes":'`
			`- '"resources":'`
			`condition: and`

			`- type: word`
			`part: header_3`
			`words:`
			`- 'application/json'`
Magnolia Default Login 2023-03-15 12:54:11 +00:00
			`- type: status`
			`status:`
added condition: and & additional matcher and content-type fix 2023-03-16 02:07:04 +00:00			`- 200`