当前位置:网站首页>Zero view h5s video platform getUserInfo information disclosure vulnerability cnvd-2020-67113

Zero view h5s video platform getUserInfo information disclosure vulnerability cnvd-2020-67113

2022-07-28 23:43:00 Chu Bing

Zero vision technology H5S Video platform GetUserInfo Information leaks CNVD-2020-67113

This article is only for study , It is strictly forbidden to use it for illegal purposes , Otherwise, we will be responsible for the consequences .

Vulnerability profile

Zero view technology ( Shanghai ) Ltd. is a leading video technology to serve customers , We are committed to simplifying the development of Internet of things video , Depending on HTML5 WebRTC And so on , Realize the simplification of video playback on the whole platform . Zero view technology ( Shanghai ) Co., LTD. H5S CONSOLE There is an unauthorized access vulnerability . An attacker can use the vulnerability to access the corresponding port in the background , Perform unauthorized operation .

Holes affect

Zero vision technology H5S Video platform

FOFA grammar 

title="H5S Video platform |WEB"

Loophole recurrence

The login page

Insert picture description here

API Documents can be accessed without authorization 

/doc/api.html

Insert picture description here

There is an interface with user account and password disclosure 

/api/v1/GetUserInfo?user=admin&session=

原网站

版权声明
本文为[Chu Bing]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/209/202207282150111133.html

边栏推荐

猜你喜欢

随机推荐