nuclei-templates/http/vulnerabilities/other/lucee-unset-credentials.yaml

40 lines
1.1 KiB
YAML
Raw Normal View History

2024-03-04 20:09:07 +00:00
id: lucee-unset-credentials
info:
name: Lucee - Unset Credentials
author: jpg0mez
severity: high
2024-03-05 12:10:44 +00:00
description: |
The Lucee admin panel has a first-time setup page which allows any user to set the administrator password.
2024-03-04 20:09:07 +00:00
reference:
- https://luceeserver.atlassian.net/browse/LDEV-926
- https://www.petefreitag.com/blog/lucee-admin-password-box/
classification:
cwe-id: CWE-798
metadata:
2024-03-06 05:34:57 +00:00
verified: true
max-request: 2
2024-03-05 12:10:44 +00:00
shodan-query: "html:\"Lucee\""
fofa-query: "app=\"Lucee-Engine\""
2024-03-04 20:09:07 +00:00
tags: lucee,default-login,unauth
http:
- method: GET
path:
- "{{BaseURL}}/lucee/admin/web.cfm"
- "{{BaseURL}}/lucee/admin/server.cfm"
2024-03-05 12:14:07 +00:00
2024-03-04 20:09:07 +00:00
stop-at-first-match: true
2024-03-06 05:34:57 +00:00
matchers-condition: and
2024-03-04 20:09:07 +00:00
matchers:
- type: word
2024-03-05 12:10:44 +00:00
part: body
2024-03-04 20:09:07 +00:00
words:
2024-03-06 05:34:57 +00:00
- 'Lucee'
- 'box">New Password</div>'
2024-03-04 20:09:07 +00:00
condition: and
2024-03-05 12:10:44 +00:00
- type: status
status:
- 200
# digest: 4b0a00483046022100c07d4f72a86061dd8a8fdf55a15c0216d34797ed9687a20a76db1db880e0fe6c022100f9a245e6e5a4214b52013a7e8d28837ded3d42e976defe08f32afeaf5bbba51c:922c64590222798bb761d5b6d8e72950