id: reportico-admin-panel

info:
  name: Reportico Administration Page - Detect
  author: geeknik
  severity: info
  description: |
    Create a simple report using the designer front end in seconds from a single SQL statement. Add expressions, user criteria, charts, groups, aggregations, page headers, page footers, hyperlinks and even custom plugin code.
  reference:
    - https://www.reportico.org/site2/index.php
    - https://github.com/reportico-web/reportico
  classification:
    cpe: cpe:2.3:a:reportico:reportico:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: reportico
    product: reportico
    shodan-query:
      - title:"Reportico Administration Page"
      - http.title:"reportico administration page"
    fofa-query: title="reportico administration page"
    google-query: intitle:"reportico administration page"
  tags: panel,reportico,login,detect

http:
  - method: GET
    path:
      - "{{BaseURL}}/run.php?project=admin&execute_mode=ADMIN&clear_session=1"
      - "{{BaseURL}}/reportico/run.php?project=admin&execute_mode=ADMIN&clear_session=1"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Reportico Administration"
          - "reportico_"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100bee2c25c39258523998c81bf9078d20152fb53e20fa4365efdd8a09f9e73e5080221009178d4aeb2ea362bb8ecdeb38c0fdc149d7610af44f744d9bf8821e3ae8949d7:922c64590222798bb761d5b6d8e72950