Merge pull request #10533 from kazet/fewer-fps-xui

Fewer FPs for http/default-logins/xui-weak-login.yaml

http/default-logins/xui/xui-default-login.yaml

@@ -1,4 +1,4 @@
-id: xui-weak-login
+id: xui-default-login
 
 info:
   name: X-UI - Default Login
@@ -13,11 +13,16 @@ info:
     cwe-id: CWE-798
   metadata:
     verified: true
-    max-request: 1
+    max-request: 2
+    fofa-query: title="X-UI Login"
     shodan-query: title:"X-UI Login"
   tags: x-ui,default-login
 
 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
   - method: POST
     path:
       - "{{BaseURL}}/login"
@@ -26,6 +31,7 @@ http:
       content-type: application/x-www-form-urlencoded
 
     body: "username={{username}}&password={{password}}"
+
     attack: pitchfork
     payloads:
       username:
@@ -35,18 +41,12 @@ http:
 
     matchers-condition: and
     matchers:
-      - type: word
+      - type: dsl
-        part: body
+        dsl:
-        words:
+          - '!contains(http_1_body, "\"success\":true")'
-          - '"success":true'
+          - 'contains_all(http_2_body, "\"success\":true", "msg\":")'
-
+          - "contains(http_2_header, 'application/json')"
-      - type: word
+          - "http_2_status_code == 200"
-        part: header
+        condition: and
-        words:
-          - 'application/json'
-
-      - type: status
-        status:
-          - 200
 
 # digest: 4a0a00473045022100e1f36784ffef57d558271751b0e7a92bab17976ca7606e37cc01a6952f9c0b14022058f645f21814ae9bc4b00d071c3bd6027ff97c1ddb010526500e0799955827ad:922c64590222798bb761d5b6d8e72950