From 48db30da00e61815709ba5b7c6b44b416b874368 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 12 Jan 2023 10:53:50 +0530
Subject: [PATCH 1/2] Create ldap-account-manager-panel.yaml
---
 .../ldap-account-manager-panel.yaml | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 exposed-panels/ldap-account-manager-panel.yaml
diff --git a/exposed-panels/ldap-account-manager-panel.yaml b/exposed-panels/ldap-account-manager-panel.yaml
new file mode 100644
index 0000000000..c07837d57e
--- /dev/null
+++ b/exposed-panels/ldap-account-manager-panel.yaml
@@ -0,0 +1,36 @@
+id: ldap-account-manager-panel
+
+info:
+ name: LDAP Account Manager Login Panel
+ author: DhiyaneshDk
+ severity: info
+ description: |
+ LDAP Account Manager login panel was detected.
+ reference:
+ - https://www.ldap-account-manager.org/lamcms/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0.0
+ cwe-id: CWE-200
+ metadata:
+ verified: true
+ shodan-query: title:"LDAP Account Manager"
+ tags: panel,ldap
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/templates/login.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "LDAP Account Manager"
+ - "LAM configuration"
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 0087df07099204a2c185b629aed49585743d6523 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 13 Jan 2023 12:22:49 +0530
Subject: [PATCH 2/2] added-additional-path
---
 exposed-panels/ldap-account-manager-panel.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/exposed-panels/ldap-account-manager-panel.yaml b/exposed-panels/ldap-account-manager-panel.yaml
index c07837d57e..9efa278cab 100644
--- a/exposed-panels/ldap-account-manager-panel.yaml
+++ b/exposed-panels/ldap-account-manager-panel.yaml
@@ -21,6 +21,7 @@ requests:
 - method: GET
 path:
 - "{{BaseURL}}/templates/login.php"
+ - "{{BaseURL}}/lam/templates/login.php"

 matchers-condition: and
 matchers:
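Review bot: The word matcher in the new template (patch 1/2) requires both `"LDAP Account Manager"` and `"LAM configuration"` under `condition: and`, and the second string looks like interface text rather than a fixed product marker. If that text is localised or the login page is customised, the template would miss the instance and under-report exposure. Pairing the product name with a marker that does not depend on the display language, verified against a non-English install, would make the detection more reliable. The `description` could also state why the finding matters, for example `LDAP Account Manager login panel was detected; it is a web front end to an LDAP directory and is best kept off untrusted networks.`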
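Review bot: With the second entry under `path` (patch 2/2), every target receives both requests and each path can report its own match, because the request block visible here sets no `stop-at-first-match`. Adding `stop-at-first-match: true` next to `matchers-condition: and` would end the request after the first matching path, which avoids a duplicate finding and a needless extra request per host. The request block continues past the end of this hunk, so the matchers it applies to are not shown here.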