nuclei-templates/exposures/configs/dbeaver-credentials.yaml

43 lines
1.0 KiB
YAML
Raw Normal View History

2021-08-19 11:02:09 +00:00
id: dbeaver-credentials
info:
name: DBeaver - Credentials Discovery
2021-08-19 11:02:09 +00:00
author: geeknik
severity: medium
description: DBeaver credentials were discovered.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
2021-08-19 11:04:32 +00:00
tags: exposure,dbeaver
2021-08-19 11:02:09 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/.dbeaver/credentials-config.json"
2021-08-23 09:39:33 +00:00
# To decode the credentials file, use following command:
# openssl aes-128-cbc -d -K "babb4a9f774ab853c96c2d653dfe544a" -iv 00000000000000000000000000000000 -in credentials-config.json | dd bs=1 skip=16 2>/dev/null
2021-08-19 11:02:09 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 200
2021-08-20 11:07:22 +00:00
2021-08-19 11:02:09 +00:00
- type: word
2022-03-11 12:18:28 +00:00
part: header
2021-08-19 11:02:09 +00:00
words:
- "application/octet-stream"
2021-08-30 09:54:34 +00:00
- type: dsl
dsl:
- 'len(body) > 2'
2022-03-11 12:18:28 +00:00
- type: dsl
dsl:
- "!contains(tolower(body), '<html')"
- "!contains(tolower(body), '<body')"
# Enhanced by mp on 2022/07/15