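# Nuclei headless template: drives a browser through the DVWA login form
# using the username/password pair given in the steps below and reports a
# match when the post-login page shows one of the expected phrases.
#
# The nesting was flattened to column 0 in this copy; the structure below
# restores it so the steps and matchers belong to the single headless request.
#
# NOTE(review): the trailing `# digest:` line is a signature over the template
# content. Any edit to this file, comments and whitespace included, presumably
# requires re-signing before signature verification passes again.
id: dvwa-headless-automatic-login

info:
  name: DVWA Headless Automatic Login
  author: pdteam
  # A match means the instance still accepts the admin/password pair typed by
  # the steps. Remediation is to change that password and to keep DVWA, which
  # is a deliberately vulnerable training application, off reachable networks.
  severity: high
  tags: headless,dvwa,vuln

headless:
  - steps:
      # Open the login page of the target.
      - args:
          url: "{{BaseURL}}/login.php"
        action: navigate

      - action: waitload

      # Username field: focus it, then type the value.
      # The absolute XPaths are tied to the current page markup. If the login
      # page layout changes, these steps can miss the fields and the template
      # reports nothing (a false negative), so a clean result is not proof
      # that the credentials were rejected.
      - args:
          by: x
          xpath: /html/body/div/div[2]/form/fieldset/input
        action: click

      - action: waitload

      - args:
          by: x
          value: admin
          xpath: /html/body/div/div[2]/form/fieldset/input
        action: text

      # Password field: focus it, then type the value.
      - args:
          by: x
          xpath: /html/body/div/div[2]/form/fieldset/input[2]
        action: click

      - action: waitload

      - args:
          by: x
          value: password
          xpath: /html/body/div/div[2]/form/fieldset/input[2]
        action: text

      # Submit the form and wait for the resulting page.
      - args:
          by: x
          xpath: /html/body/div/div[2]/form/fieldset/p/input
        action: click

      - action: waitload

    # Either phrase in the response counts as a successful login.
    matchers-condition: or
    matchers:
      - part: resp
        type: word
        words:
          - "You have logged in as"

      # NOTE(review): presumably the text shown after login on an instance
      # that has not been set up yet; confirm against a fresh install.
      - part: resp
        type: word
        words:
          - "First time using DVWA"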
# digest: 4a0a0047304502203f167fa66217ad1548152a7f7257b78eddf2ef3e6412885c5592acef1b3d06f30221008696188b61504cba10895da2637cc40d3a056800ba4684a135d1698f06fd4787:922c64590222798bb761d5b6d8e72950