Merge pull request #10328 from projectdiscovery/netflow-default-login

Create netflow-default-login.yaml
2024-07-23 12:40:03 +05:30 · 2024-07-23 12:40:03 +05:30 · dc23da9675
parent 038a313aa3 8685648e3d
commit dc23da9675
1 changed files with 43 additions and 0 deletions
--- a/http/default-logins/netflow/netflow-default-login.yaml
+++ b/http/default-logins/netflow/netflow-default-login.yaml
@ -0,0 +1,43 @@
+id: netflow-default-login
+
+info:
+  name: Netflow Analyzer - Default Login
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    Netflow Analyzer default login was discovered.
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: html:"Login - Netflow Analyzer"
+  tags: default-login,netflow,misconfig
+
+http:
+  - raw:
+      - |
+        POST /netflow/jspui/j_security_check HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        radiusUserEnabled=false&AUTHRULE_NAME=Authenticator&j_username={{username}}&j_password={{password}}&Submit=Login
+
+    attack: pitchfork
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: set_cookie
+        words:
+          - "NFA_Jsession="
+          - "JSESSIONID"
+        condition: or
+
+      - type: word
+        part: location
+        words:
+          - "/netflow;jsessionid"