updated matchers,req,info

http/default-logins/geoserver/geoserver-default-login.yaml

@@ -1,7 +1,8 @@
 id: geoserver-default-login
+
 info:
-  name: Geoserver Default Admin Login
-  author: For3stCo1d
+  name: Geoserver Admin - Default Login
+  author: For3stCo1d,professorabhay,ritikchaddha
   severity: high
   description: Geoserver default admin credentials were discovered.
   reference:
@@ -10,10 +11,11 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
     cwe-id: CWE-522
-metadata:
-  max-request: 1
-  fofa-query: app="GeoServer"
-tags: geoserver,default-login
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: app="GeoServer"
+  tags: geoserver,default-login
 
 http:
   - raw:
@@ -24,25 +26,24 @@ http:
 
         username={{user}}&password={{pass}}
 
+      - |
+        GET /geoserver/web/ HTTP/1.1
+        Host: {{Hostname}}
+
     attack: pitchfork
     payloads:
       user:
         - admin
       pass:
         - geoserver
 
-    matchers-condition: and
+    host-redirects: true
+    max-redirects: 2
+    cookie-reuse: true
     matchers:
       - type: dsl
         dsl:
-          - "contains(tolower(location), '/geoserver/web')"
-          - "!contains(tolower(location), 'error=true')"
+          - "contains(tolower(location_1), '/geoserver/web') && contains(body_2, '<span>admin</span>')"
+          - "!contains(tolower(location_1), 'error=true')"
+          - 'status_code_1 == 302'
         condition: and
-
-      - type: status
-        status:
-          - 302
-
-      - type: status
-        status:
-          - 200