daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/default-logins/druid/druid-default-login.yaml

45 lines
839 B
YAML
Raw Blame History

id: druid-default-login
info:
name: Apache Druid Default Login
author: pikpikcu
severity: high
description: Apache Druid default login information (admin/admin) was discovered.
classification:
cwe-id: CWE-798
tags: druid,default-login
requests:
- raw:
- |
POST /druid/submitLogin HTTP/1.1
Host: {{Hostname}}
loginUsername={{username}}&loginPassword={{password}}
- |
POST /submitLogin HTTP/1.1
Host: {{Hostname}}
loginUsername={{username}}&loginPassword={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "^success$"
# Enhanced by mp on 2022/03/03
Reference in New Issue View Git Blame Copy Permalink