Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AVTECH Video Surveillance Product - Authentication Bypass

By kannthu

High
Vidoc logoVidoc Module
#exposure#avtech#auth-bypass#password
Description

AVTECH Video Surveillance Product - Authentication Bypass

What is the "AVTECH Video Surveillance Product - Authentication Bypass?"

The "AVTECH Video Surveillance Product - Authentication Bypass" module is designed to detect a vulnerability in AVTECH Video Surveillance Products. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the system. The severity of this vulnerability is classified as high.

This module was authored by ritikchaddha.

Impact

If successfully exploited, this vulnerability can lead to unauthorized access to the AVTECH Video Surveillance Products. Attackers can potentially gain control over the system, view sensitive information, and perform malicious activities.

How the module works?

The module sends HTTP requests to the target system, specifically targeting the "/cgi-bin/user/Config.cgi" endpoint. It checks for specific conditions to determine if the authentication bypass vulnerability exists.

An example of an HTTP request sent by the module:

GET /cgi-bin/user/Config.cgi?.cab&action=get&category=Account.*

The module uses the following matching conditions to identify the vulnerability:

- The response body contains the words "Account.Maxuser=" and "Account.LocalPassword=". - The response header contains the word "text/plain". - The HTTP response status is 200.

If all the matching conditions are met, the module reports the vulnerability.

Metadata:

- max-req: 2 - verified: true - shodan-query: title:"login" product:"Avtech" - fofa-query: app="AVTECH-视频监控"

For more information, please refer to the official documentation of the Vidoc platform.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin/user/Config.../cgi-bin/user/Config...
Matching conditions
word: Account.Maxuser=, Account.LocalPassword=and
word: text/plainand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability