From 4b8d639fa5f3731289fa745cb3adeac60621a5fc Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Wed, 22 Jun 2022 10:50:23 +0530
Subject: [PATCH] Update and rename teamcity-guest.yaml to teamcity-guest-login-enabled.yaml
---
...yaml => teamcity-guest-login-enabled.yaml} | 23 +++++++++++-------
1 file changed, 14 insertions(+), 9 deletions(-)
rename misconfiguration/{teamcity-guest.yaml => teamcity-guest-login-enabled.yaml} (53%)
diff --git a/misconfiguration/teamcity-guest.yaml b/misconfiguration/teamcity-guest-login-enabled.yaml
similarity index 53%
rename from misconfiguration/teamcity-guest.yaml
rename to misconfiguration/teamcity-guest-login-enabled.yaml
index d5e47ce57d..c0847935b8 100644
--- a/misconfiguration/teamcity-guest.yaml
+++ b/misconfiguration/teamcity-guest-login-enabled.yaml
@@ -1,33 +1,38 @@ -id: guest-teamcity +id: teamcity-guest-login-enabled info: - name: JetBrains - TeamCity - Unauthenticated Control Panel Information Disclosure + name: JetBrains TeamCity - Guest User Access Enabled author: Ph33r - severity: high + severity: info description: | - JetBrains - TeamCity - Unauthenticated Control Panel Information Disclosure login like a Guest + TeamCity provides the ability to turn on the guest login allowing anonymous access to the TeamCity UI. reference: - https://ph33r.medium.com/misconfig-in-teamcity-panel-lead-to-auth-bypass-in-apache-org-exploit-146f6a1a4e2b - tags: misconfig,auth-bypass,register,teamcity + - https://www.jetbrains.com/help/teamcity/guest-user.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 7.30 cwe-id: CWE-200 + metadata: + verified: true + shodan-query: http.component:"TeamCity" + tags: misconfig,teamcity,jetbrains requests: - raw: - | GET /guestLogin.html?guest=1 HTTP/1.1 Host: {{Hostname}} - Referer: {{RootURL}}/ - Origin: {{RootURL}} - cookie-reuse: true + matchers-condition: and matchers: - type: word part: header words: - - 'Location: /overview.html' + - 'Location: /overview.html' + - 'TCSESSIONID=' + condition: and + - type: status status: - 302
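Review bot: The `classification` block kept as context no longer agrees with the new `severity: info`: it still carries `cvss-score: 7.30`, and the vector beside it (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`) works out to 5.3 rather than 7.3 under CVSS 3.1, so severity, score and vector give three different ratings. Anything that sorts or gates findings on `cvss-score` will keep ranking an informational guest-login check as high. Since the template is now an informational misconfiguration check, I would drop `cvss-metrics` and `cvss-score` and keep only `cwe-id: CWE-200`. Separately, the word matcher on `'Location: /overview.html'` is case-sensitive and assumes a root-relative redirect, so a server that sends lowercase header names or runs TeamCity under a context path would presumably be missed; adding `case-insensitive: true` and matching on `/overview.html` alone would cover both.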