Merge pull request #900 from projectdiscovery/dvwa-default-login

Added DVWA default login
2021-03-11 01:56:07 +05:30 · 2021-03-11 01:56:07 +05:30 · 5680a5ecb4
parent 2049542747 f5d85de8e7
commit 5680a5ecb4
1 changed files with 44 additions and 0 deletions
--- a/default-logins/dvwa/dvwa-default-login.yaml
+++ b/default-logins/dvwa/dvwa-default-login.yaml
@ -0,0 +1,44 @@
+id: dvwa-default-login
+info:
+  name: DVWA Default Login
+  author: pdteam
+  severity: critical
+
+requests:
+  - raw:
+      - |
+        GET /login.php HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
+        Connection: close
+
+      - |
+        POST /login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: PHPSESSID={{session}}; security=low
+        Connection: close
+
+        username=admin&password=password&Login=Login&user_token={{token}}
+
+    extractors:
+      - type: regex
+        name: token
+        group: 1
+        internal: true
+        part: body
+        regex:
+          - "hidden' name='user_token' value='([0-9a-z]+)'"
+
+      - type: kval
+        name: session
+        internal: true
+        part: body
+        kval:
+          - PHPSESSID
+
+    redirects: true
+    matchers:
+      - type: word
+        words:
+          - "You have logged in as 'admin'"