2021-01-10 13:11:25 +00:00
|
|
|
id: activemq-default-login
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Apache ActiveMQ Default Credentials
|
2021-01-10 14:15:36 +00:00
|
|
|
author: pd-team
|
2021-01-10 13:11:25 +00:00
|
|
|
severity: medium
|
2021-02-12 06:19:06 +00:00
|
|
|
tags: apache,activemq,dlogin
|
2021-01-10 13:11:25 +00:00
|
|
|
|
2021-03-11 16:08:29 +00:00
|
|
|
# We could add a request condition block to only send this request if the
|
|
|
|
# site response URL had activeMQ broker stuff in the source.
|
2021-01-10 13:11:25 +00:00
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}/admin/'
|
|
|
|
headers:
|
|
|
|
Authorization: "Basic YWRtaW46YWRtaW4="
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- 'Welcome to the Apache ActiveMQ Console of <b>'
|
|
|
|
- '<h2>Broker</h2>'
|
|
|
|
condition: and
|