diff --git a/http/misconfiguration/sonarqube-default-credentials.yaml b/http/misconfiguration/sonarqube-default-credentials.yaml
new file mode 100644
index 0000000000..81d1debd65
--- /dev/null
+++ b/http/misconfiguration/sonarqube-default-credentials.yaml
@@ -0,0 +1,32 @@
+id: sonarqube-default-credential
+info:
+  name: Sonarqube Default Credential Login
+  author: Ep1cSage
+  severity: critical
+  description: description
+  reference: 
+    - https://docs.sonarsource.com/sonarqube/9.6/instance-administration/security/#:~:text=When%20installing%20SonarQube%2C%20a%20default,Password%3A%20admin
+  tags: sonarqube
+  
+requests:
+  - raw:
+      - |-
+        POST /api/authentication/login HTTP/1.1
+        Host: {{Hostname}}
+        Referer: http://{{Hostname}}:9000/sessions/new
+        Content-Type: application/x-www-form-urlencoded
+        Origin: http://{{Hostname}}:9000
+
+        {{credentials}}
+        
+    attack: batteringram
+    payloads:
+      credentials:
+        - login=sonar&password=sonar
+        - login=admin&password=admin
+        
+    matchers:
+      - type: word
+        part: header
+        words:
+          - HTTP/1.1 200