Lucee - Unset Credentials
ID: lucee-unset-credentials
Severity: high
Author: jpg0mez
Tags: lucee,default-login,unauth
Description
Section titled “Description”The Lucee admin panel has a first-time setup page which allows any user to set the administrator password.
YAML Source
Section titled “YAML Source”id: lucee-unset-credentials
info: name: Lucee - Unset Credentials author: jpg0mez severity: high description: | The Lucee admin panel has a first-time setup page which allows any user to set the administrator password. reference: - https://luceeserver.atlassian.net/browse/LDEV-926 - https://www.petefreitag.com/blog/lucee-admin-password-box/ classification: cwe-id: CWE-798 metadata: verified: true max-request: 2 shodan-query: "html:\"Lucee\"" fofa-query: "app=\"Lucee-Engine\"" tags: lucee,default-login,unauth
http: - method: GET path: - "{{BaseURL}}/lucee/admin/web.cfm" - "{{BaseURL}}/lucee/admin/server.cfm"
stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'Lucee' - 'box">New Password</div>' condition: and
- type: status status: - 200# digest: 4a0a004730450220306f62d624c098f375dd7f9735411b41d04e55e8fe3d61926c60c51af9b46af50221009ec8823038afd05d6eed10472252b6f7c3686e004a601f867637946272e116c8:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/lucee-unset-credentials.yaml"