nuclei-templates/technologies/microstrategy-detect.yaml

56 lines
1.3 KiB
YAML

id: microstrategy-detect
info:
name: MicroStrategy Instances Detection Template
author: philippedelteil,Retr02332
severity: info
description: Detect if MicroStrategy instances exist in your URLS
tags: microstrategy,panel
requests:
- method: GET
path:
- "{{BaseURL}}/{{path}}"
payloads:
path:
- MicroStrategy/servlet/mstrWebAdmin/
- MicroStrategy/servlet/mstrWebAdmin
- MicroStrategy/servlet/taskProc/
- MicroStrategy/servlet/taskProc
- MicroStrategy/servlet/mstrWeb/
- MicroStrategy/servlet/mstrWeb
- MicroStrategy/
- MicroStrategy
- servlet/mstrWebAdmin/
- servlet/mstrWebAdmin
- servlet/taskProc/
- servlet/taskProc
- servlet/mstrWeb/
- servlet/mstrWeb
- asp/Main.aspx
- MicroStrategy/asp
stop-at-first-match: true
matchers:
- type: dsl
condition: or
dsl:
- 'contains(body, "MicroStrategy, Incorporated.")'
- 'contains(body, "microstrategy.servletName")'
- 'contains(body, "mstrHiddenInput")'
extractors:
- type: regex
part: body
group: 1
regex:
- 'ProductHelp/([0-9.A-Z]+)'
- type: regex
part: body
group: 1
regex:
- 'WELCOME. MicroStrategy ([0-9]+)'