Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

KevinLAB HEMS - Backdoor Detection

By kannthu

Vidoc logoVidoc Module

What is the "KevinLAB HEMS - Backdoor Detection?"

The "KevinLAB HEMS - Backdoor Detection" module is designed to detect the presence of an undocumented backdoor account in the KevinLAB Home Energy Management System (HEMS). This module targets the KevinLAB HEMS software and is considered to have a critical severity level. The module was authored by gy741.


If the backdoor account is present and accessible, an attacker could exploit this vulnerability by logging in using the backdoor account. This unauthorized access could potentially lead to unauthorized control and manipulation of the KevinLAB HEMS system.

How does the module work?

The module works by sending an HTTP request to the targeted KevinLAB HEMS system. The request is designed to simulate a login attempt using the backdoor account credentials. The module then applies a series of matching conditions to determine if the backdoor account is present and accessible.

Example HTTP request:

POST /dashboard/proc.php?type=login HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Connection: close


The module's matching conditions include:

- The presence of a specific HTML tag in the response body: <meta http-equiv="refresh" content="0; url=/>" - The absence of a specific HTML tag in the response body: <script> alert - The presence of a specific header in the response: PHPSESSID - The HTTP response status code being 200

If all of these conditions are met, the module will identify the presence of the backdoor account in the KevinLAB HEMS system.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: <meta http-equiv="refresh" content="0; u...and
NOT word: <script> alertand
word: PHPSESSIDand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability