50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
id: panabit-default-login
|
|
|
|
info:
|
|
name: Panabit Gateway Default Login
|
|
author: pikpikcu
|
|
severity: high
|
|
reference: https://max.book118.com/html/2017/0623/117514590.shtm
|
|
tags: panabit,default-login
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /login/userverify.cgi HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Origin: {{BaseURL}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAjZMsILtbrBp8VbC
|
|
Referer: {{BaseURL}}/login/login.htm
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
|
|
|
|
------WebKitFormBoundaryAjZMsILtbrBp8VbC
|
|
Content-Disposition: form-data; name="{{username}}"
|
|
|
|
admin
|
|
------WebKitFormBoundaryAjZMsILtbrBp8VbC
|
|
Content-Disposition: form-data; name="{{password}}"
|
|
|
|
panabit
|
|
------WebKitFormBoundaryAjZMsILtbrBp8VbC--
|
|
|
|
payloads:
|
|
username:
|
|
- username
|
|
password:
|
|
- password
|
|
attack: pitchfork
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- '<META HTTP-EQUIV=REFRESH CONTENT="0;URL=/index.htm">'
|
|
- 'urn:schemas-microsoft-com:vml'
|
|
part: body
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|