Created
March 30, 2017 17:15
-
-
Save anonymous/16aca69b7dea27cb73ddebb0d9033b02 to your computer and use it in GitHub Desktop.
Dahua IPC Information Disclosure & Privilege Escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dahua IPC Information Disclosure & Privilege Escalation | |
| CVE-2017-7253 | |
| I.Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps, I will update more information later after 90 days expiration. | |
| 1. Use the default low-privilege credentials to list all users via a request to the | |
| abastract URI. | |
| 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. | |
| II.logs generated by POC | |
| > [<] 888888 | |
| > [<] 4xxxxxxM | |
| > ------------------------------------------------ | |
| > [i] > Admin Credential Login | |
| > [<]200 | |
| > [<]{ "error" : { "code" : 268632079, "message" : "Component error: login challenge!" }, | |
| > "id" : 10000, "params" : { "encryption" : "OldDigest", "random" : "", "realm" : | |
| > "Login to " }, "result" : false, "session" : 49319424 } | |
| > | |
| > [i] session is 49319424 | |
| > ------------------------------------------------ | |
| > [i] >Admin Credential Login again with session:49319424 | |
| > [<]200 | |
| > [<]{ "id" : 10000, "params" : null, "result" : true, "session" : 49319424 } | |
| > | |
| > Admin Login Successfully! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment