[Vulnerability Recurrence] Any file upload vulnerability at the front desk of Dahua Smart Park Integrated Management Platform - Code World

[Vulnerability Recurrence] Any file upload vulnerability at the front desk of Dahua Smart Park Integrated Management Platform

Mobile 2023-10-07 04:06:49 views: null

Article directory

Preface
statement
1. Introduction
2. Scope of influence
3. Asset search
4. Vulnerability testing
4. Repair suggestions

Preface

The Dahua Smart Park Integrated Management Platform has a front-end arbitrary file upload vulnerability. An attacker can obtain sensitive server information through a specific payload, and then obtain server control permissions.

statement

Please do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article are the responsibility of the user himself. All adverse consequences and The author of the article is irrelevant. This article is for educational purposes only.

1. Introduction

Dahua Smart Park Integrated Management Platform is a comprehensive management solution developed by Dahua Technology Co., Ltd. (Dahua Technology). The platform is designed to help park managers improve management efficiency, improve safety levels, optimize resource utilization, and achieve intelligent park operations. The Dahua Smart Park comprehensive management platform adopts modular design and open architecture, and can be customized and expanded according to the needs of different parks. At the same time, it also supports cloud deployment and mobile access, allowing managers to monitor park operations anytime and anywhere.

2. Scope of influence

大华智慧园区综合管理平台

Insert image description here

3. Asset search

Guess you like

Origin blog.csdn.net/weixin_46944519/article/details/132856535

[Vulnerability Recurrence] Any file upload vulnerability at the front desk of Dahua Smart Park Integrated Management Platform

There is an arbitrary file upload vulnerability in the comprehensive management platform of Dahua Smart Park

[1day] Reproduced the file upload vulnerability in the integrated management platform of Dahua Smart Park

Dahua Smart Park Integrated Management Platform SQL Injection Vulnerability Recurrence (HW0day)

Reappearance of the file upload vulnerability on the comprehensive management platform of Dahua Smart Park (HW0day)

Dahua Smart Park Integrated Management Platform RCE Vulnerability Reappearance (0day)

【1day】Reproduce the SQL injection vulnerability of Dahua Smart Park Integrated Management Platform

Vulnerability Recurrence - Common SQL injection vulnerability in the front desk of a smart terminal operating platform (with vulnerability detection script attached)

Hikvision iVMS integrated security system arbitrary file upload vulnerability recurrence (0day)

[Vulnerability recurrence] Fanwei e-cology front desk SQL injection vulnerability

[Junsi Smart Park] Smart Park Integrated Management Platform Solution

[Vulnerability recurrence] Vmware vcenter does not authorize any file RCE

Vulnerability recurrence-Datang Telecom AC centralized management platform sensitive information leakage vulnerability (with vulnerability detection script)

Vulnerability recurrence - UFIDA NC arbitrary file upload vulnerability (with vulnerability detection script)

Vulnerability recurrence - Hongfan OA iorepsavexml.aspx file upload vulnerability (with vulnerability detection script)

Vulnerability recurrence - there is an arbitrary file reading vulnerability in the iDocview doc/upload interface (vulnerability detection script attached)

Smart contract vulnerability cases, DEI vulnerability recurrence

Vulnerability recurrence - Zhejiang University Ent customer resource management system CustomerAction.entphone; .js interface arbitrary file upload vulnerability (with vulnerability detection script)

CVE-2018-2894 weblogic arbitrary file upload vulnerability recurrence

Apache Axis2 background file upload getshell vulnerability recurrence

UFIDA KSOA ImageUpload Arbitrary File Upload Vulnerability Recurrence + Exploitation

Hongjing eHR arbitrary file upload vulnerability recurrence (0day)

[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213)

There is an arbitrary file upload vulnerability in the saveImg interface of Lanling EIS smart collaboration platform

[vulhub vulnerability recurrence] CVE-2018-2894 Weblogic arbitrary file upload vulnerability

[Vulnerability Recurrence] Glodon OA vulnerability collection (information leakage + SQL injection + file upload)

Hikvision isecure center comprehensive security management platform arbitrary file upload vulnerability

Hikvision isecure center comprehensive security management platform has an arbitrary file upload vulnerability

Dahua Smart Park Integrated Management Platform RCE Vulnerability Reappearance (0day)

Any file upload vulnerability in UFIDA full version reproduces

Recommended

TIOBE May list: Fortran “resurrected” into Top 10

GCC 14.1 released

Ranking

B. Little Girl and Game【1300 / 回文字符串博弈论】

CIKERS Shane 20190613

"Javascript advanced programming" study notes - the constructor and prototype

beeline hiveserver2 start

springboot - Automatically backup mysql data every day

Data Storage Full Solution--Detailed Persistence Technology

Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original

TCP / IP protocol layers structure and function

Command type literal pos: unknown； Fallback type literal pos: unknown] with root cause

Design of multifunctional curtain controller with indoor anti-theft alarm

Daily

More

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)