dameng-detect: 达梦数据库

日期: 2025-09-01 | 影响软件: 达梦数据库 | POC: 已公开

漏洞描述

默认端口 5236 默认密码达梦数据库默认用户密码SYSDBA:SYSDBA Fofa: protocol="dameng" ZoomEye: app:"DMSQL"

PoC代码[已公开]

id: dameng-detect

info:
  name: 达梦数据库
  author: zan8in
  severity: info
  verified: true
  description: |-
    默认端口 5236 默认密码  达梦数据库默认用户密码SYSDBA:SYSDBA
    Fofa: protocol="dameng"
    ZoomEye: app:"DMSQL"
  reference:
    - https://www.dameng.com/
  tags: network,db,dameng
  created: 2023/12/22

set:
  host: request.url.domain
  hostname: request.url.host
rules:
  r0:
    request:
      type: tcp
      host: "{{hostname}}"
      data: "00000000c8005100000000000000000000000099000000000000000001020000000000000000000000000000000000000000000000000000000000000000000008000000382e312e312e34390040000000068149bbe004a62fb45552831704c802d4d802b4579cb045b3c6100880725ececf148a7c9205047caccadfef5ff264460d11092a3b483bf9d24382dea1dc43e7"
      data-type: hex
    expression: response.body.bcontains(b'00000000e400') || response.body.bcontains(b'40000000')
  r1:
    request:
      type: tcp
      host: "{{host}}:5236"
      data: "00000000c8005100000000000000000000000099000000000000000001020000000000000000000000000000000000000000000000000000000000000000000008000000382e312e312e34390040000000068149bbe004a62fb45552831704c802d4d802b4579cb045b3c6100880725ececf148a7c9205047caccadfef5ff264460d11092a3b483bf9d24382dea1dc43e7"
      data-type: hex
    expression: response.body.bcontains(b'00000000e400') || response.body.bcontains(b'40000000')
expression: r0() || r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/fingerprinting/dameng-detect.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

达梦数据库弱口令漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

达梦数据库弱口令漏洞无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC