Merge pull request #2858 from ethanous/update_default_logins_user_pass
Modified most of the default_logins templates to output username and …patch-1
Prince Chaddha
GitHub
commit
38948ce4d1
|
|
@ -7,16 +7,27 @@ info:
|
|||
tags: ucmdb,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/ucmdb-ui/cms/loginRequest.do;"
|
||||
body: "customerID=1&isEncoded=false&userName=diagnostics&password=YWRtaW4=&ldapServerName=UCMDB"
|
||||
- raw:
|
||||
- |
|
||||
POST /ucmdb-ui/cms/loginRequest.do; HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
customerID=1&isEncoded=false&userName={{username}}&password={{base64(password)}}&ldapServerName=UCMDB
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- diagnostics
|
||||
password:
|
||||
- admin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "LWSSO_COOKIE_KEY"
|
||||
part: header
|
||||
|
|
|
|||
|
|
@ -17,23 +17,18 @@ requests:
|
|||
Accept: application/json, text/plain, */*
|
||||
Content-Type: application/json
|
||||
|
||||
{"userName":"admin","password":"cs141-snmp"}
|
||||
{"userName":"{{user}}","password":"{{pass}}"}
|
||||
|
||||
- |
|
||||
POST /api/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: application/json, text/plain, */*
|
||||
Content-Type: application/json
|
||||
|
||||
{"userName":"engineer","password":"engineer"}
|
||||
|
||||
- |
|
||||
POST /api/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: application/json, text/plain, */*
|
||||
Content-Type: application/json
|
||||
|
||||
{"userName":"guest","password":"guest"}
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
user:
|
||||
- admin
|
||||
- engineer
|
||||
- guest
|
||||
pass:
|
||||
- cs141-snmp
|
||||
- engineer
|
||||
- guest
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
|
|
|
|||
|
|
@ -7,14 +7,23 @@ info:
|
|||
tags: apache,activemq,default-login
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/admin/'
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46YWRtaW4="
|
||||
- raw:
|
||||
- |
|
||||
GET /admin/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- user
|
||||
- admin
|
||||
password:
|
||||
- user
|
||||
- admin
|
||||
attack: pitchfork
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Welcome to the Apache ActiveMQ Console of <b>'
|
||||
- '<h2>Broker</h2>'
|
||||
condition: and
|
||||
condition: and
|
||||
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Adobe AEM Default Login
|
||||
author: random-robbie
|
||||
severity: critical
|
||||
tags: aem,default-login,fuzz
|
||||
tags: aem,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
@ -15,35 +15,22 @@ requests:
|
|||
Origin: {{BaseURL}}
|
||||
Referer: {{BaseURL}}/libs/granite/core/content/login.html
|
||||
|
||||
_charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true
|
||||
_charset_=utf-8&j_username={{aem_user}}&j_password={{aem_pass}}&j_validate=true
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
|
||||
rr_username:
|
||||
aem_user:
|
||||
- admin
|
||||
- grios
|
||||
- replication-receiver
|
||||
- vgnadmin
|
||||
- aparker@geometrixx.info
|
||||
- jdoe@geometrixx.info
|
||||
- james.devore@spambob.com
|
||||
- matt.monroe@mailinator.com
|
||||
- aaron.mcdonald@mailinator.com
|
||||
- jason.werner@dodgit.com
|
||||
|
||||
rr_password:
|
||||
aem_pass:
|
||||
- admin
|
||||
- password
|
||||
- replication-receiver
|
||||
- vgnadmin
|
||||
- aparker
|
||||
- jdoe
|
||||
- password
|
||||
- password
|
||||
- password
|
||||
- password
|
||||
|
||||
attack: pitchfork # Available options: sniper, pitchfork and clusterbomb
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
@ -53,7 +40,7 @@ requests:
|
|||
|
||||
- type: word
|
||||
part: header
|
||||
condition: and
|
||||
words:
|
||||
- login-token
|
||||
- crx.default
|
||||
condition: and
|
||||
|
|
|
|||
|
|
@ -7,21 +7,29 @@ info:
|
|||
tags: alibaba,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/api/v1/user/login"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
body: |
|
||||
{"username":"admin","password":"123456"}
|
||||
- raw:
|
||||
- |
|
||||
POST /api/v1/user/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"username":"{{user}}","password":"{{pass}}"}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
user:
|
||||
- admin
|
||||
pass:
|
||||
- 123456
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
condition: and
|
||||
words:
|
||||
- 'data":{"token"'
|
||||
- '"code":20000'
|
||||
condition: and
|
||||
|
|
|
|||
|
|
@ -7,11 +7,17 @@ info:
|
|||
tags: ambari,default-login
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name'
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46YWRtaW4="
|
||||
- raw:
|
||||
- |
|
||||
GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
|
|
|||
|
|
@ -21,8 +21,14 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}/admin/airflow/login
|
||||
|
||||
username=airflow&password=airflow&_csrf_token={{csrf_token}}
|
||||
username={{username}}&password={{password}}&_csrf_token={{csrf_token}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- airflow
|
||||
password:
|
||||
- airflow
|
||||
attack: pitchfork
|
||||
extractors:
|
||||
- type: regex
|
||||
name: csrf_token
|
||||
|
|
|
|||
|
|
@ -21,11 +21,18 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}/admin/airflow/login
|
||||
|
||||
csrf_token={{csrff_token}}&username=admin&password=admin
|
||||
csrf_token={{csrf_token}}&username={{username}}&password={{password}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: csrff_token
|
||||
name: csrf_token
|
||||
group: 1
|
||||
part: body
|
||||
internal: true
|
||||
|
|
|
|||
|
|
@ -7,23 +7,31 @@ info:
|
|||
tags: arl,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/api/user/login"
|
||||
headers:
|
||||
Content-Type: application/json; charset=UTF-8
|
||||
body: |
|
||||
{"username":"admin","password":"arlpass"}
|
||||
- raw:
|
||||
- |
|
||||
POST /api/user/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json; charset=UTF-8
|
||||
|
||||
{"username":"{{username}}","password":"{{password}}"}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- arlpass
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
condition: and
|
||||
words:
|
||||
- '"message": "success"'
|
||||
- '"username": "admin"'
|
||||
- '"type": "login"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
|||
|
|
@ -7,13 +7,27 @@ info:
|
|||
tags: axis,apache,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/axis2-admin/login"
|
||||
- "{{BaseURL}}/axis2/axis2-admin/login"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: "userName=admin&password=axis2&submit=+Login+"
|
||||
- raw:
|
||||
- |
|
||||
POST /axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
loginUsername={{username}}&loginPassword={{password}}
|
||||
|
||||
- |
|
||||
POST /axis2/axis2-admin/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
userName={{username}}&password={{password}}&submit=+Login+
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- axis2
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,8 +14,14 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
action=login&username=admin&password=admin
|
||||
action=login&username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
|||
|
|
@ -7,15 +7,26 @@ info:
|
|||
tags: chinaunicom,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/cu.html"
|
||||
body: "frashnum=&action=login&Frm_Logintoken=1&Username=CUAdmin&Password=CUAdmin&Username=&Password="
|
||||
- raw:
|
||||
- |
|
||||
POST /cu.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
frashnum=&action=login&Frm_Logintoken=1&Username={{username}}&Password={{password}}&Username=&Password=
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- CUAdmin
|
||||
password:
|
||||
- CUAdmin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "/menu.gch"
|
||||
|
|
|
|||
|
|
@ -6,11 +6,19 @@ info:
|
|||
tags: dell,idrac,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/data/login"
|
||||
- raw:
|
||||
- |
|
||||
POST /data/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
body: "user=root&password=calvin"
|
||||
user={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- root
|
||||
password:
|
||||
- calvin
|
||||
attack: pitchfork
|
||||
|
||||
headers:
|
||||
Content-Type: "application/x-www-form-urlencode"
|
||||
|
|
|
|||
|
|
@ -11,8 +11,15 @@ requests:
|
|||
- |
|
||||
POST /sysmgmt/2015/bmc/session HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User: "root"
|
||||
Password: "calvin"
|
||||
User: "{{username}}"
|
||||
Password: "{{password}}"
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- root
|
||||
password:
|
||||
- calvin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -9,11 +9,18 @@ info:
|
|||
tags: dell,emc,ecom,default-login
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
headers:
|
||||
Authorization: Basic YWRtaW46IzFQYXNzd29yZA==
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- root
|
||||
password:
|
||||
- calvin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -7,12 +7,25 @@ info:
|
|||
tags: druid,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/druid/submitLogin"
|
||||
- "{{BaseURL}}/submitLogin"
|
||||
- raw:
|
||||
- |
|
||||
POST /druid/submitLogin HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
body: "loginUsername=admin&loginPassword=admin"
|
||||
loginUsername={{username}}&loginPassword={{password}}
|
||||
|
||||
- |
|
||||
POST /submitLogin HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
loginUsername={{username}}&loginPassword={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -20,7 +20,14 @@ requests:
|
|||
Cookie: PHPSESSID={{session}}; security=low
|
||||
Connection: close
|
||||
|
||||
username=admin&password=password&Login=Login&user_token={{token}}
|
||||
username={{username}}&password={{password}}&Login=Login&user_token={{token}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- password
|
||||
attack: pitchfork
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
|
|
|||
|
|
@ -15,7 +15,14 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
Connection: close
|
||||
|
||||
action=login&u=admin&p=admin256
|
||||
action=login&u={{username}}&p={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin256
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
user_name=admin&user_password=admin
|
||||
user_name={{username}}&user_password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -8,11 +8,18 @@ info:
|
|||
reference: https://github.com/fatedier/frp/issues/1840
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/proxy/tcp"
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46YWRtaW4="
|
||||
- raw:
|
||||
- |
|
||||
GET /api/proxy/tcp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -17,13 +17,13 @@ requests:
|
|||
Referer: {{BaseURL}}
|
||||
content-type: application/json
|
||||
|
||||
{"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"}
|
||||
{"grant_type":"password","username":"{{username}}","password":"{{password}}"}
|
||||
|
||||
payloads:
|
||||
gitlab_password:
|
||||
password:
|
||||
- 12345
|
||||
- 123456789
|
||||
gitlab_user:
|
||||
username:
|
||||
- 1234
|
||||
- admin
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
id: glpi-default-login
|
||||
|
||||
info:
|
||||
name: GLPI Default Login
|
||||
author: andysvints
|
||||
|
|
@ -20,10 +21,14 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}
|
||||
|
||||
{{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}}
|
||||
{{name}}={{user}}&{{password}}={{pass}}&auth=local&submit=Submit&_glpi_csrf_token={{token}}
|
||||
|
||||
cookie-reuse: true
|
||||
redirects: true
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
user:
|
||||
- glpi
|
||||
pass:
|
||||
- glpi
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
|
@ -50,11 +55,13 @@ requests:
|
|||
regex:
|
||||
- "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\""
|
||||
|
||||
cookie-reuse: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>GLPI - Standard Interface</title>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
|||
|
|
@ -19,15 +19,17 @@ requests:
|
|||
Referer: {{BaseURL}}
|
||||
content-type: application/json
|
||||
|
||||
{"user":"admin","password":"§grafana_password§"}
|
||||
|
||||
{"user":"{{username}}","password":"{{password}}"}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
grafana_password:
|
||||
- prom-operator
|
||||
username:
|
||||
- admin
|
||||
- admin
|
||||
|
||||
attack: sniper
|
||||
password:
|
||||
- prom-operator
|
||||
- admin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,14 @@ requests:
|
|||
Origin: {{Hostname}}
|
||||
Referer: {{Hostname}}
|
||||
|
||||
username=guacadmin&password=guacadmin
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- guacadmin
|
||||
password:
|
||||
- guacadmin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -11,17 +11,26 @@ requests:
|
|||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- guest
|
||||
- admin
|
||||
password:
|
||||
- guest
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
|||
|
|
@ -9,11 +9,18 @@ info:
|
|||
tags: hortonworks,smartsense,default-login
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/apt/v1/context'
|
||||
headers:
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
- raw:
|
||||
- |
|
||||
GET /apt/v1/context HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,13 @@ requests:
|
|||
POST /htdocs/login/login.lua HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
username=admin&password=
|
||||
username={{username}}&password=
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
|
||||
attack: sniper
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
Origin: {{BaseURL}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
j_username=admin&j_password=admin&continue=&submit=submit+form
|
||||
j_username={{username}}&j_password={{password}}&continue=&submit=submit+form
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -9,11 +9,17 @@ info:
|
|||
tags: idemia,biometrics,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/cgi-bin/login.cgi'
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/login.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
body: password=12345
|
||||
password={{password}}
|
||||
|
||||
payloads:
|
||||
password:
|
||||
- 12345
|
||||
attack: sniper
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,14 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Referer: {{BaseURL}}/sess-bin/login_session.cgi
|
||||
|
||||
username=admin&passwd=admin
|
||||
username={{username}}&passwd={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -18,21 +18,22 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: {{cookie}}
|
||||
|
||||
j_username=admin&j_password=admin&from=%2F&Submit=Sign+in
|
||||
|
||||
- |
|
||||
POST /j_spring_security_check HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: {{cookie}}
|
||||
|
||||
j_username=jenkins&j_password=password&from=%2F&Submit=Sign+in
|
||||
j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: {{cookie}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
- jenkins
|
||||
password:
|
||||
- admin
|
||||
- password
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: cookie
|
||||
|
|
@ -44,7 +45,7 @@ requests:
|
|||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
condition: and
|
||||
dsl:
|
||||
- 'contains(body_4, "/logout")'
|
||||
- 'contains(body_4, "Dashboard [Jenkins]")'
|
||||
condition: and
|
||||
- 'contains(body_3, "/logout")'
|
||||
- 'contains(body_3, "Dashboard [Jenkins]")'
|
||||
|
|
|
|||
|
|
@ -7,23 +7,20 @@ info:
|
|||
tags: default-login,minio
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/minio/webrpc"
|
||||
- raw:
|
||||
- |
|
||||
POST /minio/webrpc HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json
|
||||
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
{"id":1,"jsonrpc":"2.0","params":{"username":"{{username}}","password":"{{password}}"},"method":"Web.Login"}
|
||||
|
||||
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
|
||||
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/minio/webrpc"
|
||||
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
|
||||
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
|
||||
payloads:
|
||||
username:
|
||||
- minioadmin
|
||||
password:
|
||||
- minioadmin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -6,17 +6,27 @@ info:
|
|||
tags: nagios,default-login
|
||||
reference: https://www.nagios.org
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/nagios/side.php"
|
||||
headers:
|
||||
Authorization: Basic bmFnaW9zYWRtaW46bmFnaW9zYWRtaW4=
|
||||
- raw:
|
||||
- |
|
||||
GET /nagios/side.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- nagiosadmin
|
||||
- root
|
||||
password:
|
||||
- nagiosadmin
|
||||
- nagiosxi
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'Current Status'
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
X-Nexus-UI: true
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
username=YWRtaW4%3D&password=YWRtaW4xMjM%3D
|
||||
username={{base64(username)}}&password={{base64(password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin123
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -7,13 +7,21 @@ info:
|
|||
tags: nps,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login/verify"
|
||||
body: "username=admin&password=123"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: "{{Hostname}}/login/index"
|
||||
- raw:
|
||||
- |
|
||||
POST /login/verify HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{Hostname}}/login/index
|
||||
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- 123
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -7,12 +7,21 @@ info:
|
|||
tags: ofbiz,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/control/login'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
|
||||
- raw:
|
||||
- |
|
||||
POST /control/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
USERNAME={{username}}&PASSWORD={{password}}&FTOKEN=&JavaScriptEnabled=Y
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- ofbiz
|
||||
attack: pitchfork
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
|
|
|||
|
|
@ -19,13 +19,20 @@ requests:
|
|||
<soapenv:Header/>
|
||||
<soapenv:Body>
|
||||
<rep:createSession soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
|
||||
<username xsi:type="xsd:string">Administrator</username>
|
||||
<password xsi:type="xsd:string">Administrator</password>
|
||||
<username xsi:type="xsd:string">{{username}}</username>
|
||||
<password xsi:type="xsd:string">{{password}}</password>
|
||||
<domain xsi:type="xsd:string">bi</domain>
|
||||
</rep:createSession>
|
||||
</soapenv:Body>
|
||||
</soapenv:Envelope>
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- Administrator
|
||||
password:
|
||||
- Administrator
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
|
|
|||
|
|
@ -9,11 +9,20 @@ info:
|
|||
tags: paloalto,panos,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/php/login.php'
|
||||
- raw:
|
||||
- |
|
||||
POST /php/login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
body: user=admin&passwd=admin&challengePwd=&ok=Login
|
||||
user={{username}}&passwd={{password}}&challengePwd=&ok=Login
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -19,15 +19,22 @@ requests:
|
|||
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
|
||||
|
||||
------WebKitFormBoundaryAjZMsILtbrBp8VbC
|
||||
Content-Disposition: form-data; name="username"
|
||||
Content-Disposition: form-data; name="{{username}}"
|
||||
|
||||
admin
|
||||
------WebKitFormBoundaryAjZMsILtbrBp8VbC
|
||||
Content-Disposition: form-data; name="password"
|
||||
Content-Disposition: form-data; name="{{password}}"
|
||||
|
||||
panabit
|
||||
------WebKitFormBoundaryAjZMsILtbrBp8VbC--
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- username
|
||||
password:
|
||||
- password
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
|||
|
|
@ -7,11 +7,20 @@ info:
|
|||
tags: rabbitmq,default-login
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/whoami"
|
||||
headers:
|
||||
Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q="
|
||||
- raw:
|
||||
- |
|
||||
GET /api/whoami HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- guest
|
||||
password:
|
||||
- guest
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
|||
|
|
@ -14,7 +14,12 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Cookie: cookieOnOffChecker=on;
|
||||
|
||||
wimToken=&userid_work=&userid=YWRtaW4%3D&password_work=&password=&open=
|
||||
wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open=
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{Hostname}}/index.php?action=login.index
|
||||
|
||||
more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3
|
||||
more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -8,18 +8,28 @@ info:
|
|||
tags: samsung,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/main.ehp"
|
||||
body: "httpd;General;lang=en&login_id=root&login_pw=sweap12~"
|
||||
- raw:
|
||||
- |
|
||||
POST /main.ehp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
httpd;General;lang=en&login_id={{username}}&login_pw={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- root
|
||||
password:
|
||||
- sweap12~
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "document.formParent2.changepasswd1.value"
|
||||
- "passwd_change.ehp"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
|||
|
|
@ -9,14 +9,21 @@ info:
|
|||
tags: showdoc,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/server/index.php?s=/api/user/login"
|
||||
body: |
|
||||
username=showdoc&password=123456&v_code=
|
||||
- raw:
|
||||
- |
|
||||
POST /server/index.php?s=/api/user/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
|
||||
|
||||
username={{username}}&password={{password}}&v_code=
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- showdoc
|
||||
password:
|
||||
- 123456
|
||||
attack: pitchfork
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
|
|
|
|||
|
|
@ -12,12 +12,22 @@ info:
|
|||
# {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" # First path is default base path
|
||||
- "{{BaseURL}}/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS"
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46"
|
||||
- raw:
|
||||
- |
|
||||
GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username)}}
|
||||
|
||||
- |
|
||||
GET /InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
|
|
|||
|
|
@ -13,7 +13,14 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D=spadmin&data%5BUser%5D%5Bpassword%5D=admin123
|
||||
data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- spadmin
|
||||
password:
|
||||
- admin123
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -9,13 +9,20 @@ info:
|
|||
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login/"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
email=springbird@qq.com&password=springbird&remeber=true
|
||||
- raw:
|
||||
- |
|
||||
POST /login/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
email={{username}}&password={{password}}&remeber=true
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- springbird@qq.com
|
||||
password:
|
||||
- springbird
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -24,7 +24,14 @@ requests:
|
|||
Referer: {{RootURL}}/super/login.html?lang=en
|
||||
Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en
|
||||
|
||||
username=super&password=password
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- super
|
||||
password:
|
||||
- password
|
||||
attack: pitchfork
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
|
|
|||
|
|
@ -16,7 +16,14 @@ requests:
|
|||
Content-Type: application/json
|
||||
Cookie: trilithic_win_auth=false
|
||||
|
||||
{u:"admin", t:"undefined", p:"trilithic", d:"", r:false, w:false}
|
||||
{u:"{{username}}", t:"undefined", p:"{{password}}", d:"", r:false, w:false}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- trilithic
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -9,11 +9,18 @@ info:
|
|||
reference: https://www.qognify.com/products/visionhub/
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/VisionHubWebApi/api/Login'
|
||||
headers:
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
- raw:
|
||||
- |
|
||||
POST /VisionHubWebApi/api/Login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Authorization: Basic {{base64(username + ':' + password)}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,14 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
Connection: close
|
||||
|
||||
username=admin&password=admin
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
username=admin&password=admin
|
||||
username={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
redirects: false
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,14 @@ requests:
|
|||
Host:{{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
userName=admin&password=123456
|
||||
userName={{username}}&password={{password}}
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- 123456
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
|
|
@ -7,14 +7,21 @@ info:
|
|||
tags: zabbix,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/index.php'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
X-Requested-With: XMLHttpRequest
|
||||
- raw:
|
||||
- |
|
||||
POST /index.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
|
||||
name={{username}}&password={{password}}&autologin=1&enter=Sign+in
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- Admin
|
||||
password:
|
||||
- zabbix
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
@ -24,4 +31,4 @@ requests:
|
|||
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
- 302
|
||||
|
|
|
|||
|
|
@ -9,14 +9,21 @@ info:
|
|||
tags: zmanda,default-login
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/ZMC_Admin_Login'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: zmc_cookies_enabled=true
|
||||
- raw:
|
||||
- |
|
||||
POST /ZMC_Admin_Login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Cookie: zmc_cookies_enabled=true
|
||||
|
||||
body: login=AEE&last_page=&username=admin&password=admin&submit=Login&JS_SWITCH=JS_ON
|
||||
login=AEE&last_page=&username={{username}}&password={{password}}&submit=Login&JS_SWITCH=JS_ON
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
|
|
|||
Loading…
Reference in New Issue