Merge pull request #10533 from kazet/fewer-fps-xui

Fewer FPs for http/default-logins/xui-weak-login.yaml
2024-08-26 16:54:05 -07:00 · 2024-08-26 16:54:05 -07:00 · 5c595c4e89
parent 8ba18b1b4f 4c9ad9bca2
commit 5c595c4e89
1 changed files with 15 additions and 15 deletions
--- a/http/default-logins/xui/xui-default-login.yaml
+++ b/http/default-logins/xui/xui-default-login.yaml
@ -1,4 +1,4 @@
-id: xui-weak-login
+id: xui-default-login

 info:
  name: X-UI - Default Login
@ -13,11 +13,16 @@ info:
    cwe-id: CWE-798
  metadata:
    verified: true
-    max-request: 1
+    max-request: 2
+    fofa-query: title="X-UI Login"
    shodan-query: title:"X-UI Login"
  tags: x-ui,default-login

 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
  - method: POST
    path:
      - "{{BaseURL}}/login"
@ -26,6 +31,7 @@ http:
      content-type: application/x-www-form-urlencoded

    body: "username={{username}}&password={{password}}"
+
    attack: pitchfork
    payloads:
      username:
@ -35,18 +41,12 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: body
-        words:
-          - '"success":true'
-
-      - type: word
-        part: header
-        words:
-          - 'application/json'
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - '!contains(http_1_body, "\"success\":true")'
+          - 'contains_all(http_2_body, "\"success\":true", "msg\":")'
+          - "contains(http_2_header, 'application/json')"
+          - "http_2_status_code == 200"
+        condition: and

 # digest: 4a0a00473045022100e1f36784ffef57d558271751b0e7a92bab17976ca7606e37cc01a6952f9c0b14022058f645f21814ae9bc4b00d071c3bd6027ff97c1ddb010526500e0799955827ad:922c64590222798bb761d5b6d8e72950