Update dbeaver-credentials.yaml

2023-08-01 06:37:06 +08:00 · 2023-08-01 06:37:06 +08:00 · 7340d31a4d
parent d6d46d7208
commit 7340d31a4d
1 changed files with 20 additions and 21 deletions
--- a/http/exposures/configs/dbeaver-credentials.yaml
+++ b/http/exposures/configs/dbeaver-credentials.yaml
@ -2,7 +2,7 @@ id: dbeaver-credentials

 info:
  name: DBeaver - Credentials Discovery
-  author: geeknik
+  author: geeknik,j4vaovo
  severity: medium
  description: DBeaver credentials were discovered.
  classification:
@ -11,34 +11,33 @@ info:
    cwe-id: CWE-522
  tags: exposure,dbeaver
  metadata:
-    max-request: 1
+    max-request: 2
+
+variables:
+  str: "{{rand_base(6)}}"

 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/.dbeaver/credentials-config.json"
+  - raw:
+      - |
+        GET /{{str}}.json HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /.dbeaver/credentials-config.json HTTP/1.1
+        Host: {{Hostname}}

    # To decode the credentials file, use following command:
    # openssl aes-128-cbc -d -K "babb4a9f774ab853c96c2d653dfe544a" -iv 00000000000000000000000000000000 -in credentials-config.json | dd bs=1 skip=16 2>/dev/null

    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        part: header
-        words:
-          - "application/octet-stream"
-
      - type: dsl
        dsl:
-          - 'len(body) > 2'
-
-      - type: dsl
-        dsl:
-          - "!contains(tolower(body), '<html')"
-          - "!contains(tolower(body), '<body')"
-          - "!contains(tolower(body), '<iframe')"
+          - "status_code_2 == 200"
+          - "len(body_2) > 2"
+          - "contains(header_2, 'application/octet-stream')"
+          - "len(body_1) != len(body_2)"
+          - "!contains(tolower(body_2), '<html')"
+          - "!contains(tolower(body_2), '<body')"
+          - "!contains(tolower(body_2), '<iframe')"
        condition: and