Create rainloop-default-login.yaml (#4001)

* Create rainloop-default-login.yaml * misc updates * misc fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-29 19:17:19 +08:00 · 2022-03-29 19:17:19 +08:00 · 24b76fd68c
parent 21490cbdd0
commit 24b76fd68c
3 changed files with 54 additions and 3 deletions
--- a/cnvd/2021/CNVD-2021-14536.yaml
+++ b/cnvd/2021/CNVD-2021-14536.yaml
@ -7,7 +7,7 @@ info:
  description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
  reference: https://www.adminxe.com/2163.html
  metadata:
-    fofa-query: title="RG-UACç»å½é¡µé¢"
+    fofa-query: 'title="RG-UAC登录页面"'
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
--- a/default-logins/emqx/emqx-default-login.yaml
+++ b/default-logins/emqx/emqx-default-login.yaml
@ -6,8 +6,7 @@ info:
  severity: high
  description: Emqx default admin credentials were discovered.
  metadata:
-  name: Emqx Default Login
-    shodan-query: http.favicon.hash:"-670975485"
+    shodan-query: 'http.favicon.hash:"-670975485"'
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
--- a/default-logins/rainloop/rainloop-default-login.yaml
+++ b/default-logins/rainloop/rainloop-default-login.yaml
@ -0,0 +1,52 @@
+id: rainloop-default-login
+
+info:
+  name: Rainloop WebMail Default Login
+  author: For3stCo1d
+  severity: high
+  reference: https://github.com/RainLoop/rainloop-webmail/issues/28
+  metadata:
+    fofa-query: app="RAINLOOP-WebMail"
+  tags: rainloop,webmail,default-login,foss
+
+requests:
+  - raw:
+      - | # Login Portal: /?admin
+        GET /?/AdminAppData@no-mobile-0/0/15503332983847185/ HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /?/Ajax/&q[]=/0/ HTTP/2
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+
+      pass:
+        - 12345
+
+    cookie-reuse: true
+    extractors:
+      - type: regex
+        name: token
+        internal: true
+        group: 1
+        regex:
+          - 'token":"(.+?)"'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"Action":"AdminLogin"'
+          - '"Result":true'
+        condition: and
+
+      - type: status
+        status:
+          - 200