Closed l0nedigit closed 3 years ago
@l0nedigit This can be accomplished by upgrading all current login templates to incorporate payloads, as the nuclei engine does include matched payload values in the output.
For example, dell-idrac-default-login can be updated as follows:
```yaml
id: dell-idrac-default-login

info:
  name: Dell iDRAC6/7/8 Default login
  author: kophjager007
  severity: high
  tags: dell,idrac,default-login

requests:
  - method: POST
    path:
      - "{{BaseURL}}/data/login"
    body: "user={{username}}&password={{password}}"
    headers:
      Content-Type: "application/x-www-form-urlencoded"
      Referer: "{{BaseURL}}/login.html"
    attack: pitchfork
    payloads:
      username:
        - root
      password:
        - calvin
    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - '<authResult>0</authResult>'
```
Awesome thanks!
@l0nedigit we are keeping this issue open as we wanted to apply these changes in existing templates as well.
That'd be great, thanks again.
@ehsandeep do all the templates from login need to be updated this way? So I only need to upgrade the default login parameters to the body: "user={{username}}&password={{password}}"?
@aga7hokakological right, here is an example PR - https://github.com/projectdiscovery/nuclei-templates/pull/2828, we need to adopt payloads in default login templates.
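A small helper for the bulk update discussed above, added here as an example and not part of nuclei, nuclei-templates or the linked PR: it moves hardcoded credentials from a template's form body into an `attack: pitchfork` / `payloads:` block so the matched username and password show up in nuclei's output. It assumes the body is a two-field form with the username field first, and works on the template text directly (no YAML library); the "before" template is constructed for the example.

```python
import re

# Matches a nuclei request body such as:  body: "user=root&password=calvin"
# Assumption (this helper's, not nuclei's): the first key=value pair is the
# username field and the second is the password field.
_BODY_RE = re.compile(
    r'^(?P<indent>\s*)body:\s*"(?P<ukey>[^=&"]+)=(?P<uval>[^&"]+)'
    r'&(?P<pkey>[^=&"]+)=(?P<pval>[^&"]*)"\s*$'
)

# Constructed "before" template with credentials hardcoded in the body.
BEFORE = """\
id: example-default-login
info:
  name: Example Default Login
  severity: high
requests:
  - method: POST
    path:
      - "{{BaseURL}}/data/login"
    body: "user=root&password=calvin"
    matchers:
      - type: status
        status:
          - 200
"""


def adopt_payloads(template: str) -> str:
    """Move hardcoded credentials into a pitchfork payloads block.
    Templates that already use {{username}} are returned unchanged."""
    if "{{username}}" in template:
        return template
    out = []
    for line in template.splitlines():
        m = _BODY_RE.match(line)
        if not m:
            out.append(line)
            continue
        ind = m["indent"]
        # The body now references payload variables instead of literal values.
        out.append(f'{ind}body: "{m["ukey"]}={{{{username}}}}&{m["pkey"]}={{{{password}}}}"')
        # attack/payloads sit at request level, i.e. at the same indent as body:.
        out.append(f"{ind}attack: pitchfork")
        out.append(f"{ind}payloads:")
        out.append(f"{ind}  username:")
        out.append(f"{ind}    - {m['uval']}")
        out.append(f"{ind}  password:")
        out.append(f"{ind}    - {m['pval']}")
    return "\n".join(out) + "\n"
```

Running `adopt_payloads(BEFORE)` yields a template in the same shape as the Dell iDRAC example above; the function is idempotent, so it can be run safely over a whole directory of templates, some already converted.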
Hey @ehsandeep, I would like to take up this issue, but I have one question about template validation: can I use YAMLlint for validation?
@aga7hokakological don't worry about validation as they will be auto detected as part of automation once the PR is open.
I just posted a pull request that includes updated templates to hopefully resolve this issue.
When using default-logins templates, it would be convenient to have the successful username(s) & password(s) used against the application included in the output file specified (stdout and json format). I understand the -irr flag can be used, but it is also cumbersome at times to sort through.