Enhancement: default-logins/pentaho/pentaho-default-login.yaml by mp

default-logins/pentaho/pentaho-default-login.yaml

@@ -1,38 +1,47 @@
-id: pentaho-default-login
-
-info:
-  name: Pentaho Default Login
-  author: pussycat0x
-  severity: high
-  metadata:
-    shodan-query: pentaho
-  tags: pentaho,default-login
-
-requests:
-  - raw:
-      - |
-        POST /pentaho/j_spring_security_check HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        j_username={{user}}&j_password={{pass}}
-
-    attack: pitchfork
-    payloads:
-      user:
-        - admin
-      pass:
-        - password
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: header
-        words:
-          - 'pentaho/Home'
-          - 'JSESSIONID='
-        condition: and
-
-      - type: status
-        status:
-          - 302
+id: pentaho-default-login
+
+info:
+  name: Pentaho Default Login
+  author: pussycat0x
+  description: Pentaho default admin credentials were discovered.
+  severity: high
+  metadata:
+    shodan-query: pentaho
+  tags: pentaho,default-login
+  reference:
+    - https://www.hitachivantara.com/en-us/pdfd/training/pentaho-lesson-1-user-console-overview.pdf
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cve-id:
+    cwe-id: CWE-522
+
+requests:
+  - raw:
+      - |
+        POST /pentaho/j_spring_security_check HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        j_username={{user}}&j_password={{pass}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - password
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - 'pentaho/Home'
+          - 'JSESSIONID='
+        condition: and
+
+      - type: status
+        status:
+          - 302
+
+# Enhanced by mp on 2022/03/10