Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass

By kannthu

Critical
Vidoc logoVidoc Module
#commax#auth-bypass#edb
Description

COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass

What is the "COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass?"

The "COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass" module is designed to detect an authentication bypass vulnerability in the COMMAX Biometric Access Control System version 1.0.0. This vulnerability allows unauthorized access to the system, compromising its security. The severity of this vulnerability is classified as critical.

Impact

If exploited, this vulnerability can lead to unauthorized access to the COMMAX Biometric Access Control System. Attackers can bypass the authentication mechanism and gain control over the system, potentially compromising the security of the premises it is protecting.

How the module works?

The module works by sending an HTTP request to the target system and analyzing the response. It checks for specific conditions to determine if the authentication bypass vulnerability is present. The request template used by the module is as follows:

GET /db_dump.php HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: /user_add.php
Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0

The module then applies the following matching conditions to the response:

- The response body must contain the HTML title tag "::: COMMAX :::". - The response header must include the word "text/html". - The HTTP status code must be 200.

If all the matching conditions are met, the module identifies the presence of the authentication bypass vulnerability.

This module is a valuable tool for security professionals and system administrators to identify and mitigate the authentication bypass vulnerability in the COMMAX Biometric Access Control System 1.0.0.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: <title>::: COMMAX :::</title>and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability