fofamini-wiki

登录白背景

源码

EasyCVR 视频管理平台downloadxlsx存在信息泄露

一、漏洞简介

EasyCVR 视频管理平台是 TSINGSEE 青犀视频旗下一款软硬一体的产品，可提供多协议的设备接入、采集、AI 智能检测、处理、分发等服务，攻击者可通过泄露的账户密码登录后台，从而进一步攻击。

二、影响版本

EasyCVR 视频管理平台

三、资产测绘

hunterweb.title="EasyCVR"
特征

四、漏洞复现

/api/v1/downloadxlsx

EasyCVR-Download-files.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/wrxyr4pglx3fz5cx

# EasyCVR 视频管理平台downloadxlsx存在信息泄露

# 一、漏洞简介
EasyCVR 视频管理平台是 TSINGSEE 青犀视频旗下一款软硬一体的产品，可提供多协议的设备接入、采集、AI 智能检测、处理、分发等服务，攻击者可通过泄露的账户密码登录后台，从而进一步攻击。

# 二、影响版本

- EasyCVR 视频管理平台

# 三、资产测绘

- hunter`web.title="EasyCVR"`
- 特征

![image.png](./img/3XFY00LDlJJ122UX/1699021094705-867464c9-0dfb-4275-b909-1b8d11a3776d-292524.png)

# 四、漏洞复现
```
/api/v1/downloadxlsx	
```
![image.png](./img/3XFY00LDlJJ122UX/1708923201292-baaeaf81-a48b-4787-83e8-b79f45f880d7-779003.png)
![image.png](./img/3XFY00LDlJJ122UX/1708923222135-c7cc8663-1f04-4eef-940b-286adb1f09b1-988288.png)
[EasyCVR-Download-files.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1709222234070-520e81a5-d273-4898-b036-f7b7b5802b2a.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1709222234070-520e81a5-d273-4898-b036-f7b7b5802b2a.yaml%22%2C%22name%22%3A%22EasyCVR-Download-files.yaml%22%2C%22size%22%3A1027%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22u51e6ee0e-7909-4dbc-b036-d41120644f2%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22id%22%3A%22uea30a1e6%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/wrxyr4pglx3fz5cx>