Apache Doris - Default Login
ID: doris-default-login
Severity: high
Author: icarot
Tags: apache,default-login,doris
Description
Section titled “Description”Tests if Apache Doris Panel, it is an easy-to-use, high performance and unified analytics database, is using the default password on root/admin user accounts.
YAML Source
Section titled “YAML Source”id: doris-default-login
info: name: Apache Doris - Default Login author: icarot severity: high description: | Tests if Apache Doris Panel, it is an easy-to-use, high performance and unified analytics database, is using the default password on root/admin user accounts. metadata: verified: true max-request: 2 vendor: apache product: doris shodan-query: http.favicon.hash:"24048806" fofa-query: icon_hash=24048806 tags: apache,default-login,doris
http: - raw: - | POST /rest/v1/login HTTP/1.1 Host: {{Hostname}} Authorization: Basic {{basicAuth}} Content-Type: application/json; charset=utf-8
payloads: basicAuth: - YWRtaW46 - cm9vdDo=
stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'msg":"Login success!"'
- type: word part: content_type words: - 'application/json'
- type: status status: - 200# digest: 4b0a00483046022100d5c105417968b85d091dcc6eb1c5e0926766402a8f891134b87ee4d94068076c022100a76652b99f3f6d7a8e84b9add6900ac660d55541e560eb4c54615c045eb19610:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/default-logins/apache/doris-default-login.yaml"