frp-default-login: more precise body match

[tstromberg]

Template / PR Information

This PR tightens the word matcher for the frp-default-login template to reduce false positives.

The /api/proxy/tcp endpoint in frps returns JSON:

curl http://admin:admin@localhost:7500/api/proxy/tcp
{"proxies":[]}⏎                               

This PR was motivated by a false positive we saw in the wild with a host that returned 200 for any URL, and happened to mention "proxies" in the body.

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Before PR (localhost is a real frps endpoint):

[VER] [frp-default-login] Sent HTTP request to http://localhost:7500/api/proxy/tcp
[frp-default-login] [http] [high] http://localhost:7500/api/proxy/tcp [password="admin",username="admin"]
[VER] [frp-default-login] Sent HTTP request to https:///false-positive.a.run.app/api/proxy/tcp
[frp-default-login] [http] [high] https://false-positive.a.run.app/api/proxy/tcp [username="admin",password="admin"]

After PR:

[VER] [frp-default-login] Sent HTTP request to http://localhost:7500/api/proxy/tcp
[frp-default-login] [http] [high] http://localhost:7500/api/proxy/tcp [password="admin",username="admin"]
[VER] [frp-default-login] Sent HTTP request to https:///false-positive.a.run.app/api/proxy/tcp

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[princechaddha]

Hello @tstromberg, thank you so much for sharing this template with the community and contributing to this project 🍻

You can join our discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you once again