Merge pull request #4115 from AdamCrosser/master

Fuel CMS Detection and Default Credentials

default-logins/fuelcms/fuelcms-default-login.yaml

@@ -0,0 +1,56 @@
+id: fuelcms-default-login
+
+info:
+  name: Fuel CMS Default Credentials
+  author: Adam Crosser
+  severity: high
+  description: Fuel CMS default admin credentials were discovered.
+  reference:
+    - https://docs.getfuelcms.com/general/security
+  tags: fuelcms,default-login,oss
+
+requests:
+  - raw:
+      - |
+        GET /fuel/login HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /fuel/login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        user_name={{username}}&password={{password}}&Login=Login&forward=&ci_csrf_token_FUEL={{csrftoken}}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "/fuel/dashboard"
+
+      - type: regex
+        part: header
+        regex:
+          - 'fuel_(.*)='
+
+      - type: status
+        status:
+          - 302
+
+    extractors:
+      - type: regex
+        part: body
+        name: csrftoken
+        internal: true
+        group: 1
+        regex:
+          - 'id="ci_csrf_token_FUEL" value="([0-9a-z]+)" \/>'

exposed-panels/fuelcms-panel.yaml

@@ -0,0 +1,23 @@
+id: fuelcms-panel
+
+info:
+  name: Fuel CMS Panel
+  author: Adam Crosser
+  severity: info
+  tags: panel,fuelcms,oss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/fuel/login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>FUEL CMS</title>"
+
+      - type: status
+        status:
+          - 200