Update secnet-ac-default-login.yaml
parent
c4d1663b18
commit
27f5fbd6b2
|
@ -5,44 +5,37 @@ info:
|
|||
author: ritikchaddha
|
||||
severity: high
|
||||
description: secnet ac default admin credentials were discovered.
|
||||
tags: secnet,default-login
|
||||
reference:
|
||||
- https://bbs.secnet.cn/post/t-30
|
||||
tags: secnet,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET /login.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /login.cgi HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
user={{username}}&password={{pass}}
|
||||
user={{username}}&password={{password}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
pass:
|
||||
password:
|
||||
- admin
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>安网科技-智能路由系统</title>"
|
||||
- "<title>Anwang Technology-Intelligent Routing System</title>"
|
||||
- "window.open('index.htm?_"
|
||||
part: body
|
||||
condition: and
|
||||
words:
|
||||
- "window.open('index.htm"
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Set-Cookie= ac_userid=admin,ac_passwd="
|
||||
part: header
|
||||
words:
|
||||
- "ac_userid={{username}},ac_passwd="
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
Loading…
Reference in New Issue