From 8592ef0388bf8451230b63f24de03e5939d546b3 Mon Sep 17 00:00:00 2001
From: pratikkhalane <pratikkhalane91@gmail.com>
Date: Mon, 19 Jul 2021 01:46:22 +0530
Subject: [PATCH] .\Tieline\Tieline.yaml

---
 default-logins/Tieline/Tieline.yaml | 40 +++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 default-logins/Tieline/Tieline.yaml

diff --git a/default-logins/Tieline/Tieline.yaml b/default-logins/Tieline/Tieline.yaml
new file mode 100644
index 0000000000..e774acdba7
--- /dev/null
+++ b/default-logins/Tieline/Tieline.yaml
@@ -0,0 +1,40 @@
+id: Tieline-default-credentials
+
+info:
+  name: Tieline Default Credentials Detection Template
+  author: Pratik Khalane
+  severity: high
+  description: Finding the  Tieline Admin Panels with default credentials.
+  reference: https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
+  tags: Tieline,default-login
+
+#Payloads:
+
+#Username - admin
+#Password - password
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/api/get_device_details'
+    headers:
+      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
+      Referer: '{{BaseURL}}/assets/base/home.html'
+      Authorization: 'Digest username="admin", realm="Bridge-IT", nonce="d24d09512ebc3e43c4f6faf34fdb8c76", uri="/api/get_device_details", response="d052e9299debc7bd9cb8adef0a83fed4", qop=auth, nc=00000001, cnonce="ae373d748855243d"'
+    
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<SERIAL>"
+          - "<VERSION>"
+        condition: and
+
+      - type: word
+        words:
+          - "text/xml"
+        part: header
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file