nuclei-templates/exposed-panels/avtech-dvr-exposure.yaml

30 lines
836 B
YAML
Raw Normal View History

2021-06-24 16:59:05 +00:00
id: avtech-dvr-exposure
info:
name: AVTECH AVC798HA DVR - Information Exposure
2021-06-24 16:59:05 +00:00
author: geeknik
severity: low
description: AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- http://www.avtech.com.tw/
2021-06-24 16:59:05 +00:00
tags: dvr,exposure,avtech
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/nobody/Machine.cgi?action=get_capability"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Firmware.Version="
- "MACAddress="
- "Product.Type="
condition: and
# Enhanced by md on 2023/02/03