nuclei-templates/http/exposed-panels/somansa-dlp-detect.yaml

id: somansa-dlp-detect

info:
  name: Somansa DLP Login Panel - Detect
  author: gy741,ritikchaddha
  severity: info
  description: Somansa DLP login panel was detected.
  reference:
    - https://www.somansa.com/solution/integrated_solution/dlp/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.html:"DLP system"
  tags: panel,somansa,dlp

http:
  - method: GET
    path:
      - "{{BaseURL}}/DLPCenter/loginform.sms"
      - "{{BaseURL}}/DLPCenter/images/favicon.ico"

    stop-at-first-match: true

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "/DLPCenter/js/"
          - "SOMANSA"
        condition: and
        case-insensitive: true

      - type: dsl
        dsl:
          - "status_code==200 && (\"-1217239281\" == mmh3(base64_py(body)))"
# digest: 4a0a00473045022100defc62380ad11470236b5849d7e34779aa902cdfe1f3b7c3c8b4c8bdc0d5cf0202206bd1ad6f4a53d6051e17345abe67a59a62f0a196910f69b94f261038445f91d5:922c64590222798bb761d5b6d8e72950