From 22e30c61da64e1a30aa550a4c7ad9e223690b9ac Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Wed, 15 Mar 2023 18:24:11 +0530
Subject: [PATCH 1/2] Magnolia Default Login
---
 default-logins/magnolia-default-login.yaml | 69 ++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 default-logins/magnolia-default-login.yaml
diff --git a/default-logins/magnolia-default-login.yaml b/default-logins/magnolia-default-login.yaml
new file mode 100644
index 0000000000..1a78915ebc
--- /dev/null
+++ b/default-logins/magnolia-default-login.yaml
@@ -0,0 +1,69 @@
+id: magnolia-default-login
+
+info:
+ name: Magnolia Default Login
+ author: pussycat0x
+ severity: high
+ description: Mangnolia CMS default credentials were discovered.
+ reference:
+ - https://www.magnolia-cms.com/
+ metadata:
+ verified: "true"
+ shodan-query: title:"Magnolia 6" || title:"Magnolia 5"
+ tags: magnolia,default-login
+
+requests:
+ - raw:
+
+ - |
+ GET /.magnolia/admincentral HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ POST /.magnolia/admincentral HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: csrf={{csrf}};JSESSIONID={{session}}
+ Content-Type: application/x-www-form-urlencoded
+ Origin: {{BaseURL}}
+ Referer: {{BaseURL}}/.magnolia/admincentral
+
+ mgnlUserId={{username}}&mgnlUserPSWD={{password}}&csrf={{csrf}}
+
+ - |
+ GET /.magnolia/admincentral/PUSH?v-uiId=1 HTTP/1.1
+ Host: {{Hostname}}
+ Cookie: csrf={{csrf}}; JSESSIONID={{session}}
+
+ payloads:
+ username:
+ - superuser
+ password:
+ - superuser
+ attack: pitchfork
+
+ extractors:
+ - type: kval
+ name: csrf
+ part: header
+ internal: true
+ kval:
+ - csrf
+
+ - type: kval
+ name: session
+ internal: true
+ part: header
+ kval:
+ - JSESSIONID
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body_3
+ words:
+ - "changes"
+ - "resources"
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
From 92c5c11266917f74637261010e5e789be3c76099 Mon Sep 17 00:00:00 2001
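Review bot: The `Cookie` header of the POST request joins the two cookies as `csrf={{csrf}};JSESSIONID={{session}}` with no space after the semicolon, while the third request sends `csrf={{csrf}}; JSESSIONID={{session}}`; RFC 6265 specifies `; ` as the separator and a server is not obliged to accept the unspaced form, so the POST should use `Cookie: csrf={{csrf}}; JSESSIONID={{session}}` as well. The description misspells the product name (`Mangnolia CMS` should read `Magnolia CMS`), and the only reference is the vendor homepage, so a pointer to the vendor's documentation of the built-in superuser account would help whoever triages a hit. The matchers address `body_3` for the third request, but I cannot tell from the template alone whether the engine exposes indexed parts without `req-condition: true`, so that is worth confirming against a live instance. The hunk is the whole new file.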
From: Dhiyaneshwaran
Date: Thu, 16 Mar 2023 07:37:04 +0530
Subject: [PATCH 2/2] added condition: and & additional matcher and content-type fix
---
 default-logins/magnolia-default-login.yaml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/default-logins/magnolia-default-login.yaml b/default-logins/magnolia-default-login.yaml
index 1a78915ebc..65ea603279 100644
--- a/default-logins/magnolia-default-login.yaml
+++ b/default-logins/magnolia-default-login.yaml
@@ -9,7 +9,7 @@ info:
 - https://www.magnolia-cms.com/
 metadata:
 verified: "true"
- shodan-query: title:"Magnolia 6" || title:"Magnolia 5"
+ shodan-query: html:"Magnolia is a registered trademark"
 tags: magnolia,default-login
 requests:
@@ -61,9 +61,15 @@ requests:
 - type: word
 part: body_3
 words:
- - "changes"
- - "resources"
+ - '"changes":'
+ - '"resources":'
+ condition: and
+
+ - type: word
+ part: header_3
+ words:
+ - 'application/json'
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
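Review bot: The new `header_3` matcher tests for the bare substring `application/json`, so any header of the third response that carries that token satisfies it, not only the content type; anchoring the word as `- 'Content-Type: application/json'` states the intent, with `case-insensitive: true` on the matcher if the server may emit lowercase header names. The tightened body matcher still only establishes that the PUSH response is JSON containing `changes` and `resources` keys; I cannot tell from the diff whether an unauthenticated session receives the same payload, so it is worth checking that the template does not fire on the login page's own state response before relying on `matchers-condition: and` alone. The `matchers:` list this hunk edits begins above the hunk.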