Merge pull request #2951 from pdelteil/patch-80

Create microstrategy-detect.yaml
2021-10-22 22:46:30 +05:30 · 2021-10-22 22:46:30 +05:30 · 2f53d69e3f
parent fc1b7a658c 2e2910b640
commit 2f53d69e3f
1 changed files with 55 additions and 0 deletions
--- a/technologies/microstrategy-detect.yaml
+++ b/technologies/microstrategy-detect.yaml
@ -0,0 +1,55 @@
+id: microstrategy-detect
+
+info:
+  name: MicroStrategy Instances Detection Template
+  author: philippedelteil,Retr02332
+  severity: info
+  description: Detect if MicroStrategy instances exist in your URLS
+  tags: microstrategy,panel
+
+requests:
+  - method: GET
+
+    path:
+      - "{{BaseURL}}/{{path}}"
+
+    payloads:
+      path:
+        - MicroStrategy/servlet/mstrWebAdmin/
+        - MicroStrategy/servlet/mstrWebAdmin
+        - MicroStrategy/servlet/taskProc/
+        - MicroStrategy/servlet/taskProc
+        - MicroStrategy/servlet/mstrWeb/
+        - MicroStrategy/servlet/mstrWeb
+        - MicroStrategy/
+        - MicroStrategy
+        - servlet/mstrWebAdmin/
+        - servlet/mstrWebAdmin
+        - servlet/taskProc/
+        - servlet/taskProc
+        - servlet/mstrWeb/
+        - servlet/mstrWeb
+        - asp/Main.aspx
+        - MicroStrategy/asp
+
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        condition: or
+        dsl:
+          - 'contains(body, "MicroStrategy, Incorporated.")'
+          - 'contains(body, "microstrategy.servletName")'
+          - 'contains(body, "mstrHiddenInput")'
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'ProductHelp/([0-9.A-Z]+)'
+
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'WELCOME. MicroStrategy ([0-9]+)'