add oracle-bi-default-credentials.yaml

2021-06-21 05:35:36 +08:00 · 2021-06-21 05:35:36 +08:00 · 7c01e95ee1
parent e8e5dd5c83
commit 7c01e95ee1
1 changed files with 39 additions and 0 deletions
--- a/default-logins/oracle/oracle-bi-default-credentials.yaml
+++ b/default-logins/oracle/oracle-bi-default-credentials.yaml
@ -0,0 +1,39 @@
+id: oracle-business-intelligence-default-credentials
+
+info:
+  name: Oracle Business Intelligence Default Credentials
+  author: milo2012
+  severity: high
+  tags: oracle,business intelligence
+
+requests:
+  - raw:
+      - |
+            POST /xmlpserver/services/XMLPService HTTP/1.1
+            Content-Type: text/xml
+            SOAPAction: ""
+            Cookie: JSESSIONID=rY0rMSBGerKQxDoGHdxkLZ7iLj3GgAjDzEfix5ntVX4bjctPXvbL!-387043440
+            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+            Accept-Encoding: gzip,deflate
+            Content-Length: 771
+            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
+            Host: {{Hostname}}
+            Connection: Keep-alive
+      
+            <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rep="http://xmlns.oracle.com/oxp/service/report">
+            <soapenv:Header/>
+            <soapenv:Body>
+                <rep:createSession soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
+                    <username xsi:type="xsd:string">Administrator</username>
+                    <password xsi:type="xsd:string">Administrator</password>
+                    <domain xsi:type="xsd:string">XXX</domain>
+                </rep:createSession>
+            </soapenv:Body>
+            </soapenv:Envelope>      
+      
+
+    matchers:
+      - type: regex
+        regex:
+          - 'createSessionReturn'
+        part: body