From b9e2549d37912f9fbb1a996fc18123a46be86f12 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Sun, 8 Oct 2023 12:15:52 +0530
Subject: [PATCH 1/2] Create xploitspy-default-login.yaml

---
 .../xploitspy/xploitspy-default-login.yaml    | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 http/default-logins/xploitspy/xploitspy-default-login.yaml

diff --git a/http/default-logins/xploitspy/xploitspy-default-login.yaml b/http/default-logins/xploitspy/xploitspy-default-login.yaml
new file mode 100644
index 00000000000..3d576bdf0f6
--- /dev/null
+++ b/http/default-logins/xploitspy/xploitspy-default-login.yaml
@@ -0,0 +1,49 @@
+id: xploitspy-default-login
+
+info:
+  name: XploitSPY - Default Login
+  author: andreluna
+  severity: high
+  description: | 
+    Default login and password to access administrator panel
+  reference:
+    - https://github.com/XploitWizer-Community/XploitSPY
+  metadata:
+    shodan-query: html:XploitSPY
+    max-request: 3
+  tags: xploitspy,default-login
+
+http:
+  - raw:
+      - |
+        POST /login HTTP/1.1
+        Host: {{Hostname}}
+        Origin: http://{{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Referer: http://{{Hostname}}/login
+
+        username={{user}}&password={{pass}}&hostname={{Hostname}}
+
+    cookie-reuse: true
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - password
+
+    redirects: true
+    max-redirects: 2
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Change Password"
+          - "Logout"
+        condition: and 
+
+      - type: status
+        status:
+          - 200

From fb033a936fde485120194688455ab1dd3f751339 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Sun, 8 Oct 2023 12:36:46 +0530
Subject: [PATCH 2/2] fix lint

---
 .../default-logins/xploitspy/xploitspy-default-login.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/http/default-logins/xploitspy/xploitspy-default-login.yaml b/http/default-logins/xploitspy/xploitspy-default-login.yaml
index 3d576bdf0f6..6e304d0d079 100644
--- a/http/default-logins/xploitspy/xploitspy-default-login.yaml
+++ b/http/default-logins/xploitspy/xploitspy-default-login.yaml
@@ -4,7 +4,7 @@ info:
   name: XploitSPY - Default Login
   author: andreluna
   severity: high
-  description: | 
+  description: |
     Default login and password to access administrator panel
   reference:
     - https://github.com/XploitWizer-Community/XploitSPY
@@ -18,9 +18,9 @@ http:
       - |
         POST /login HTTP/1.1
         Host: {{Hostname}}
-        Origin: http://{{Hostname}}
+        Origin: {{RootURL}}
         Content-Type: application/x-www-form-urlencoded
-        Referer: http://{{Hostname}}/login
+        Referer: {{RootURL}}/login
 
         username={{user}}&password={{pass}}&hostname={{Hostname}}
 
@@ -42,7 +42,7 @@ http:
         words:
           - "Change Password"
           - "Logout"
-        condition: and 
+        condition: and
 
       - type: status
         status: