Template improvements

- Added additional username as per reference - Updated attacktype
2021-11-28 00:32:41 +05:30 · 2021-11-28 00:32:41 +05:30 · 92fde2b260
parent 798a434a66
commit 92fde2b260
1 changed files with 13 additions and 8 deletions
--- a/default-logins/ibm/ibm-mqseries-web-console-default-login.yaml
+++ b/default-logins/ibm/ibm-mqseries-web-console-default-login.yaml
@ -1,11 +1,14 @@
-id: ibm-mqseries-web-console-default-login
+id: ibm-mqseries-default-login

 info:
  name: IBM MQSeries web console default login
  author: righettod
-  severity: critical
+  severity: high
+  description: The remote host is running IBM MQ and REST API and is using default credentials. An unauthenticated, remote attacker can exploit this gain privileged or administrator access to the system.
  tags: ibm,default-login
-  reference: https://github.com/ibm-messaging/mq-container/blob/master/etc/mqm/mq.htpasswd
+  reference:
+    - https://github.com/ibm-messaging/mq-container/blob/master/etc/mqm/mq.htpasswd
+    - https://vulners.com/nessus/IBM_MQ_DEFAULT_CREDENTIALS.NASL

 requests:
  - raw:
@ -18,21 +21,23 @@ requests:

        j_username={{username}}&j_password={{password}}

+    attack: pitchfork
    payloads:
      username:
        - admin
        - app
-        - donotexists # To detect false-positives
+        - mqadmin
      password:
        - passw0rd
-    attack: clusterbomb
+        - passw0rd
+        - mqadmin
+
    matchers-condition: and
    matchers:
      - type: word
+        part: header
        words:
          - "LtpaToken2_"
-        part: header
-        condition: and

      - type: status
        status: