Hikvision Streaming Media Management Server User Xml Account Password Leak Vulnerability
Hikvision Streaming Media Management Server User Xml Account Password Leak Vulnerability
HIKVISION Streaming Media Management Server user.xml Account Password Leak Vulnerability
Vulnerability Description
The HIKVISION streaming media management server configuration file has not been authenticated, and the attacker can obtain the website account password through the vulnerability.
Vulnerability Impact
HIKVISION Streaming Media Management Server
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
/config/user.xml
The account password in the picture is base64 encryption
This post is licensed under CC BY 4.0 by the author.