admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Some_Hikvision_iVMS_file_upload_vulnerabilities.md

Browse Source 
add Some Hikvision iVMS file upload vulnerabilities
This commit is contained in:
Goby 2023-06-02 18:14:29 +08:00 committed by GitHub
parent 6f731fd41b
commit 7e70c3046d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Some_Hikvision_iVMS_file_upload_vulnerabilities.md Normal file
View File

@ -0,0 +1,12 @@
## Some Hikvision iVMS file upload vulnerabilities
| **Vulnerability** | **Some Hikvision iVMS file upload vulnerabilities** |
| :----: | :-----|
| **Chinese name** | 海康威视部分iVMS系统存在文件上传漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(body="class=\"enname\">iVMS-4200" && body="laRemPassword") \|\| (body="home/locationIndex.action?time=" && body="result.data.indexUrl;") \|\| (body="//caoshiyan modify 2015-06-30 中转页面" && body="/home/locationIndex.action?time=" \|\| body="home/licenseUpload.action") \|\| (body="class=\"out\">\<a href=\"download/iVMS-") \|\| ((body="tab-border code-iivms\">" \|\| body="login?service=" \|\| body="/eop/common/css/reset.css" \|\| header="/cms/web/gateway/"\|\| body="/cms/web/gateway/" \|\| header="/login?service=" \|\| title="iVMS") && header="Server: If you want know, you can ask me" && header!="404 Not Found") \|\| (body="var uuid = \"2b73083e-9b29-4005-a123-1d4ec47a36d5\"; // 用于检测VMS是否超时, chenliangyf1") \|\| (body="/cas/login" && body="js/login/login.service.js") \|\| (body="daysOflicenseDatedWarn" && body="/cas/login") \|\| (body="/ivms-ui/default/css/login.css") \|\| (server="Apache-Coyote/1.1" && body="/baseui/js/plugins/ui/jquery.placeholder.js") \|\| (body="/cas/static/js/jquery.placeholder.js") \|\| (body="IVMS.files/logo.gif") \|\| (body="license!getExpireDateOfDays.action" && body=" window.document.location = '/license!getExpireDateOfDays.action';") \|\| (body="iVMS-A100" && title="登录") \|\| (body="/error/browser.do" && body="/portal" && body="settings.skinStyle" && (body="src=\"/portal/common/js/commonVar.js" \|\| body="nginxService/v1/download/InstallRootCert.exe"))](https://en.fofa.info/result?qbase64=KGJvZHk9ImNsYXNzPVwiZW5uYW1lXCI%2BaVZNUy00MjAwIiAmJiBib2R5PSJsYVJlbVBhc3N3b3JkIikgfHwgKGJvZHk9ImhvbWUvbG9jYXRpb25JbmRleC5hY3Rpb24%2FdGltZT0iICYmIGJvZHk9InJlc3VsdC5kYXRhLmluZGV4VXJsOyIpIHx8IChib2R5PSIvL2Nhb3NoaXlhbiBtb2RpZnkgMjAxNS0wNi0zMCDkuK3ovazpobXpnaIiICYmIGJvZHk9Ii9ob21lL2xvY2F0aW9uSW5kZXguYWN0aW9uP3RpbWU9IiB8fCBib2R5PSJob21lL2xpY2Vuc2VVcGxvYWQuYWN0aW9uIikgfHwgKGJvZHk9ImNsYXNzPVwib3V0XCI%2BPGEgaHJlZj1cImRvd25sb2FkL2lWTVMtIikgfHwgKChib2R5PSJ0YWItYm9yZGVyIGNvZGUtaWl2bXNcIj4iIHx8IGJvZHk9ImxvZ2luP3NlcnZpY2U9IiB8fCBib2R5PSIvZW9wL2NvbW1vbi9jc3MvcmVzZXQuY3NzIiB8fCBoZWFkZXI9Ii9jbXMvd2ViL2dhdGV3YXkvInx8IGJvZHk9Ii9jbXMvd2ViL2dhdGV3YXkvIiB8fCBoZWFkZXI9Ii9sb2dpbj9zZXJ2aWNlPSIgfHwgdGl0bGU9ImlWTVMiKSAmJiBoZWFkZXI9IlNlcnZlcjogSWYgeW91IHdhbnQga25vdywgeW91IGNhbiBhc2sgbWUiICYmIGhlYWRlciE9IjQwNCBOb3QgRm91bmQiKSB8fCAoYm9keT0idmFyIHV1aWQgPSBcIjJiNzMwODNlLTliMjktNDAwNS1hMTIzLTFkNGVjNDdhMzZkNVwiOyAvLyDnlKjkuo7mo4DmtYtWTVPmmK%2FlkKbotoXml7YsIGNoZW5saWFuZ3lmMSIpIHx8IChib2R5PSIvY2FzL2xvZ2luIiAmJiBib2R5PSJqcy9sb2dpbi9sb2dpbi5zZXJ2aWNlLmpzIikgfHwgKGJvZHk9ImRheXNPZmxpY2Vuc2VEYXRlZFdhcm4iICYmIGJvZHk9Ii9jYXMvbG9naW4iKSB8fCAoYm9keT0iL2l2bXMtdWkvZGVmYXVsdC9jc3MvbG9naW4uY3NzIikgfHwgKHNlcnZlcj0iQXBhY2hlLUNveW90ZS8xLjEiICYmIGJvZHk9Ii9iYXNldWkvanMvcGx1Z2lucy91aS9qcXVlcnkucGxhY2Vob2xkZXIuanMiKSB8fCAoYm9keT0iL2Nhcy9zdGF0aWMvanMvanF1ZXJ5LnBsYWNlaG9sZGVyLmpzIikgfHwgKGJvZHk9IklWTVMuZmlsZXMvbG9nby5naWYiKSB8fCAoYm9keT0ibGljZW5zZSFnZXRFeHBpcmVEYXRlT2ZEYXlzLmFjdGlvbiIgJiYgYm9keT0iIHdpbmRvdy5kb2N1bWVudC5sb2NhdGlvbiA9ICcvbGljZW5zZSFnZXRFeHBpcmVEYXRlT2ZEYXlzLmFjdGlvbic7IikgfHwgKGJvZHk9ImlWTVMtQTEwMCIgJiYgdGl0bGU9IueZu%2BW9lSIpIHx8IChib2R5PSIvZXJyb3IvYnJvd3Nlci5kbyIgJiYgYm9keT0iL3BvcnRhbCIgJiYgYm9keT0ic2V0dGluZ3Muc2tpblN0eWxlIiAmJiAoYm9keT0ic3JjPVwiL3BvcnRhbC9jb21tb24vanMvY29tbW9uVmFyLmpzIiB8fCBib2R5PSJuZ2lueFNlcnZpY2UvdjEvZG93bmxvYWQvSW5zdGFsbFJvb3RDZXJ0LmV4ZSIpKQ%3D%3D) |
| **Number of assets affected** | 15294 |
| **Description** | Hikvision-iVMS comprehensive security management platform is an \"integrated\", \"digital\" and \"intelligent\" platform, including video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, Video intercom and other subsystems. The attacker constructs a token arbitrarily by obtaining the key, and requests an interface to upload files arbitrarily, resulting in obtaining the webshell permission of the server and executing malicious code remotely. |
| **Impact** | Hikvision-iVMS comprehensive security management platform is an \"integrated\", \"digital\" and \"intelligent\" platform, including video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, Video intercom and other subsystems. The attacker constructs a token arbitrarily by obtaining the key, and requests an interface to upload files arbitrarily, resulting in obtaining the webshell permission of the server and executing malicious code remotely. |
![](https://s3.bmp.ovh/imgs/2023/06/02/48cbd695f8499d33.gif)