fscan/WebScan/pocs/nexus-default-password.yml

name: poc-yaml-nexus-default-password
rules:
  - method: GET
    path: /service/local/authentication/login
    follow_redirects: false
    headers:
      Accept: application/json
      Authorization: Basic YWRtaW46YWRtaW4xMjM=
    expression: >
      response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"loggedIn")
detail:
  author: Soveless(https://github.com/Soveless)
  Affected Version: "Nexus Repository Manager OSS"
  links:
    - https://help.sonatype.com/learning/repository-manager-3/first-time-installation-and-setup/lesson-1%3A--installing-and-starting-nexus-repository-manager
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml 2021-02-25 19:53:58 +08:00			`name: poc-yaml-nexus-default-password`
			`rules:`
			`- method: GET`
优化xray解析模块,支持groups、新增poc 2021-11-16 11:53:46 +08:00			`path: /service/local/authentication/login`
			`follow_redirects: false`
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml 2021-02-25 19:53:58 +08:00			`headers:`
			`Accept: application/json`
			`Authorization: Basic YWRtaW46YWRtaW4xMjM=`
			`expression: >`
优化xray解析模块,支持groups、新增poc 2021-11-16 11:53:46 +08:00			`response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"loggedIn")`
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml 2021-02-25 19:53:58 +08:00			`detail:`
			`author: Soveless(https://github.com/Soveless)`
			`Affected Version: "Nexus Repository Manager OSS"`
			`links:`
优化xray解析模块,支持groups、新增poc 2021-11-16 11:53:46 +08:00			`- https://help.sonatype.com/learning/repository-manager-3/first-time-installation-and-setup/lesson-1%3A--installing-and-starting-nexus-repository-manager`