daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

4

patch-1
Natto 2022-04-29 09:29:43 +08:00 committed by GitHub
parent c33118b6e8
commit f6bf5fe7a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
default-logins/phpmyadmin/phpmyadmin-default-login.yaml
View File

@ -10,7 +10,7 @@ info:
tags: default-login,phpmyadmin
requests:
- raw:
- raw:
- |
GET /index.php HTTP/1.1
Host: {{Hostname}}
@ -36,40 +36,40 @@ requests:
pma_username={{user}}&pma_password={{password}}&server=1&target=index.php&token={{token1}}
attack: clusterbomb
payloads:
user:
- root
- mysql
password:
- 123456
- root
- mysql
attack: clusterbomb
payloads:
user:
- root
- mysql
password:
- 123456
- root
- mysql
extractors:
- type: regex
name: token1
part: body
internal: true
group: 1
regex:
- ;token=(.*?)'></script>
- type: regex
name: token2
part: header
internal: true
group: 1
regex:
- phpMyAdmin=(.*?); path=
extractors:
- type: regex
name: token1
part: body
internal: true
group: 1
regex:
- ;token=(.*?)'></script>
- type: regex
name: token2
part: header
internal: true
group: 1
regex:
- phpMyAdmin=(.*?); path=
matchers-condition: and
matchers:
- type: status
status:
- 302
- type: word
part: header
words:
- 'Set-Cookie: pmaUser'
- 'Set-Cookie: pmaPas'
condition: and
matchers-condition: and
matchers:
- type: status
status:
- 302
- type: word
part: header
words:
- 'Set-Cookie: pmaUser'
- 'Set-Cookie: pmaPas'
condition: and