Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "KevinLAB HEMS - Backdoor Detection" module is designed to detect the presence of an undocumented backdoor account in the KevinLAB Home Energy Management System (HEMS). This module targets the KevinLAB HEMS software and is considered to have a critical severity level. The module was authored by gy741.
If the backdoor account is present and accessible, an attacker could exploit this vulnerability by logging in using the backdoor account. This unauthorized access could potentially lead to unauthorized control and manipulation of the KevinLAB HEMS system.
The module works by sending an HTTP request to the targeted KevinLAB HEMS system. The request is designed to simulate a login attempt using the backdoor account credentials. The module then applies a series of matching conditions to determine if the backdoor account is present and accessible.
Example HTTP request:
POST /dashboard/proc.php?type=login HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Connection: close
userid=kevinlab&userpass=kevin003
The module's matching conditions include:
- The presence of a specific HTML tag in the response body:<meta http-equiv="refresh" content="0; url=/>"
- The absence of a specific HTML tag in the response body: <script> alert
- The presence of a specific header in the response: PHPSESSID
- The HTTP response status code being 200
If all of these conditions are met, the module will identify the presence of the backdoor account in the KevinLAB HEMS system.