Merge pull request #6435 from JoshMorrison99/main

Create kanboard-default-login.yaml

default-logins/kanboard-default-login.yaml

@@ -0,0 +1,60 @@
+id: kanboard-default-login
+
+info:
+  name: Kanboard Default Login
+  author: shelled
+  severity: high
+  description: Kanboard default login was discovered.
+  reference:
+    - https://twitter.com/0x_rood/status/1607068644634157059
+    - https://github.com/kanboard/kanboard
+    - https://docs.kanboard.org/v1/admin/installation/
+  metadata:
+    verified: true
+    shodan-query: http.favicon.hash:2056442365
+  tags: default-login,kanboard
+
+requests:
+  - raw:
+      - |
+        GET /?controller=AuthController&action=login HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /?controller=AuthController&action=check HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{user}}&password={{pass}}&csrf_token={{csrf_token}}
+
+      - |
+        GET /?controller=DashboardController&action=show HTTP/1.1
+        Host: {{Hostname}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - admin
+    extractors:
+      - type: regex
+        name: csrf_token
+        part: body
+        internal: true
+        group: 1
+        regex:
+          - "hidden\" name=\"csrf_token\" value=\"([0-9a-z]+)\""
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'New project'
+          - 'Project management'
+        condition: and
+        case-insensitive: true
+
+      - type: status
+        status:
+          - 200