unauth-innovatrics-smartface-panel: Unauthenticated SmartFace Panel - Detect

Date: 2025-08-01 | Affected software: innovatrics smartface panel | PoC: public

Vulnerability description

An unauthenticated SmartFace login panel was detected. The panel, used for facial recognition on video streams, allowed attackers to extract camera connection strings and other sensitive information.

PoC code [public]

id: unauth-innovatrics-smartface-panel

info:
  name: Unauthenticated SmartFace Panel - Detect
  author: matejsmycka
  severity: medium
  description: |
    An unauthenticated SmartFace login was detected. The panel, used for facial recognition from video streams, allowed attackers to extract camera connection strings and other sensitive information
  reference:
    - https://www.innovatrics.com/face-recognition-solutions/
  metadata:
    max-request: 1
    shodan-query: http.favicon.hash:-1410437493
  tags: panel,smartface,login,detect,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, '<title>Smartface')"
          - "contains(header, 'X-Powered-By: Express')"
          - "status_code == 200"
        condition: and

  - raw:
      - |
        POST /-/graphql HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"query":"query getIsCollectingData {\n  isCollectingData\n}","operationName":"getIsCollectingData","variables":{}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(body, 'version', 'isCollectingData')"
        condition: and
        internal: true
# digest: 490a0046304402202939a98ee9fed9c60553ed236082a71c89bac3b5643b4677a0cc1315b139f77d022063395bb95faa96b5d1f5fe901ec924fddfcc15ecdba09c5925175abba9300dfa:922c64590222798bb761d5b6d8e72950
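The two matcher stages of the template above, re-implemented in Python as a post-remediation self-check for an administrator of a SmartFace deployment. This is an added example, not part of the Nuclei template or of Innovatrics' own code; the base URL `http://smartface.internal.example` is a placeholder, and the pure `looks_like_smartface` and `graphql_answered_unauthenticated` functions only mirror the template's DSL conditions so you can confirm that, after putting authentication in front of the panel, the `/-/graphql` endpoint no longer answers the `getIsCollectingData` query without credentials.

```python
"""Self-check mirroring the detection template's two request stages (added example)."""
import json
import urllib.error
import urllib.request
from typing import Mapping, Optional, Tuple

# Same GraphQL document the template POSTs in its second request.
PROBE_QUERY = {
    "query": "query getIsCollectingData {\n  isCollectingData\n}",
    "operationName": "getIsCollectingData",
    "variables": {},
}


def looks_like_smartface(status: int, headers: Mapping[str, str], body: str) -> bool:
    """Stage 1 of the template: <title>Smartface, X-Powered-By: Express, HTTP 200."""
    lowered = {k.lower(): v for k, v in headers.items()}
    powered_by = lowered.get("x-powered-by", "")
    return status == 200 and "<title>Smartface" in body and "Express" in powered_by


def graphql_answered_unauthenticated(status: int, body: str) -> bool:
    """Stage 2 of the template: the unauthenticated query is answered with 200 and a
    body containing both 'version' and 'isCollectingData'. True means still exposed."""
    return status == 200 and "version" in body and "isCollectingData" in body


def fetch(url: str, data: Optional[bytes] = None,
          content_type: Optional[str] = None) -> Tuple[int, dict, str]:
    """Minimal urllib wrapper returning (status, headers, body); 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET")
    if content_type:
        req.add_header("Content-Type", content_type)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers.items()), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read().decode("utf-8", "replace")


def check_instance(base_url: str) -> dict:
    """Run both stages against your own host and report which conditions hold.
    'graphql_unauthenticated': True is the finding the template reports."""
    status, headers, body = fetch(base_url)
    result = {
        "panel_detected": looks_like_smartface(status, headers, body),
        "graphql_unauthenticated": False,
    }
    if result["panel_detected"]:
        status2, _, body2 = fetch(
            base_url.rstrip("/") + "/-/graphql",
            json.dumps(PROBE_QUERY).encode(),
            "application/json",
        )
        result["graphql_unauthenticated"] = graphql_answered_unauthenticated(status2, body2)
    return result


if __name__ == "__main__":
    import sys
    # Placeholder host; point this at the instance you administer.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://smartface.internal.example"
    print(json.dumps(check_instance(target), indent=2))
```

After enforcing authentication on the GraphQL endpoint, the expected outcome is `panel_detected: true` (the login page is still served) with `graphql_unauthenticated: false`, i.e. the second request now returns a non-200 status or a body without the query data.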