Add new matchers and extractors

2023-10-20 18:58:04 +02:00 · 2023-10-20 18:58:04 +02:00 · a583c901cf
parent aac65c12fb
commit a583c901cf
1 changed files with 11 additions and 6 deletions
--- a/http/exposed-panels/plesk-onyx-login.yaml
+++ b/http/exposed-panels/plesk-onyx-login.yaml
@ -1,12 +1,13 @@
 id: plesk-onyx-login
 info:
-  name: Plesk Onyx Login Panel - Detect
+  name: Plesk Login Panel - Detect
-  author: dhiyaneshDK,daffainfo
+  author: dhiyaneshDK,daffainfo,righettod
  severity: info
-  description: Plesk Onyx login panel was detected.
+  description: Plesk login panel was detected.
  reference:
    - https://www.exploit-db.com/ghdb/6501
    - https://www.plesk.com/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
@ -14,7 +15,7 @@ info:
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.html:"Plesk Onyx"
+    shodan-query: http.html:"Plesk Onyx" http.html:"plesk-build"
    google-query: inurl:login_up.php "Plesk Onyx"
  tags: panel,plesk,login,edb
@ -29,6 +30,11 @@ http:
        part: body
        words:
          - 'alt="Plesk Onyx'
          - 'plesk-build'
          - 'plesk-revision'
          - 'plesk-root'
        condition: or
        case-insensitive: true
      - type: status
        status:
@ -40,5 +46,4 @@ http:
        group: 1
        regex:
          - 'alt="Plesk Onyx ([0-9.]+)"'
-
+          - '(?i)"urlArgs":"([0-9.-]+)"'
 # digest: 4b0a00483046022100c9ccb692a765eec626d4440dc3e2df6b37691a4a1a56a7f99ed49d19772965fd022100aa1040dd8622c24d40d06eb2ceaca0c452b9d4967f5f5d4f90204d16a9cc0fc8:922c64590222798bb761d5b6d8e72950