From dd1384f97129319d83d27271e6be2cf68f483e13 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Sun, 9 May 2021 11:37:23 +0000
Subject: [PATCH 1/2] Create showdoc-default-password.yaml

---
 .../showdoc/showdoc-default-password.yaml     | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 default-logins/showdoc/showdoc-default-password.yaml

diff --git a/default-logins/showdoc/showdoc-default-password.yaml b/default-logins/showdoc/showdoc-default-password.yaml
new file mode 100644
index 0000000000..8518d3b982
--- /dev/null
+++ b/default-logins/showdoc/showdoc-default-password.yaml
@@ -0,0 +1,29 @@
+id: showdoc-default-password
+
+info:
+  name: Showdoc Default Password
+  author: pikpikcu
+  severity: medium
+  reference: |
+    - https://blog.star7th.com/2016/05/2007.html
+  tags: showdoc,dlogin
+
+requests:
+  - method: POST
+    path:
+      - "/server/index.php?s=/api/user/login"
+    body: |
+      username=showdoc&password=123456
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "groupid"
+          - "user_token"
+        condition: and
+
+      - type: status
+        status:
+          - 200

From 062750eb209433a2da3649e97de6ee9d247efedc Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Mon, 10 May 2021 17:16:47 +0530
Subject: [PATCH 2/2] Update showdoc-default-password.yaml

---
 default-logins/showdoc/showdoc-default-password.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/default-logins/showdoc/showdoc-default-password.yaml b/default-logins/showdoc/showdoc-default-password.yaml
index 8518d3b982..023ba730d4 100644
--- a/default-logins/showdoc/showdoc-default-password.yaml
+++ b/default-logins/showdoc/showdoc-default-password.yaml
@@ -11,17 +11,19 @@ info:
 requests:
   - method: POST
     path:
-      - "/server/index.php?s=/api/user/login"
+      - "{{BaseURL}}/server/index.php?s=/api/user/login"
     body: |
-      username=showdoc&password=123456
+      username=showdoc&password=123456&v_code=
 
+    headers:
+      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
     matchers-condition: and
     matchers:
 
       - type: word
         words:
-          - "groupid"
-          - "user_token"
+          - '"username":"showdoc"'
+          - '"user_token":'
         condition: and
 
       - type: status