75 lines
2.5 KiB
YAML
75 lines
2.5 KiB
YAML
id: glpi-default-credentials
|
|
info:
|
|
name: GLPI Default Credentials Check
|
|
author: andysvints
|
|
severity: high
|
|
tags: glpi,default-login
|
|
description: GLPI is an ITSM software tool that helps you plan and manage IT changes. Checking is default super admin account(glpi/glpi) is enabled.
|
|
reference: https://glpi-project.org/
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET / HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Upgrade-Insecure-Requests: 1
|
|
Connection: keep-alive
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9,ru;q=0.8,uk;q=0.7
|
|
|
|
- |
|
|
POST /front/login.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Connection: keep-alive
|
|
Content-Length: 179
|
|
Cache-Control: max-age=0
|
|
Upgrade-Insecure-Requests: 1
|
|
Origin: {{BaseURL}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
|
Referer: {{BaseURL}}
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9,ru;q=0.8,uk;q=0.7
|
|
|
|
{{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}}
|
|
|
|
cookie-reuse: true
|
|
redirects: true
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: token
|
|
part: body
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- "hidden\" name=\"_glpi_csrf_token\" value=\"([0-9a-z]+)\""
|
|
|
|
- type: regex
|
|
name: name
|
|
part: body
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- "type=\"text\" name=\"([0-9a-z]+)\" id=\"login_name\" required=\"required\""
|
|
|
|
- type: regex
|
|
name: password
|
|
part: body
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\""
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- '<title>GLPI - Standard Interface</title>'
|
|
- type: status
|
|
status:
|
|
- 200
|